
LWN.net Weekly Edition for October 14, 2004

Novell waves its patent weapons

Novell got off to a bit of an awkward start with the free software community; since then, the company has missed few opportunities to state its support for the community's goals - and to back up those words with actions. Releasing iFolder and Ximian Connector and jumping into the SCO fray are a few examples of note. Now Novell has posted a policy statement describing how it will respond to patent attacks on free software. This policy may not be all that the community might ask for, but, if Novell lives up to its words, the community may have just gained a new, potent ally in the patent battle.

So what is Novell saying? The company makes its purpose clear at the beginning:

We believe that customers want and need freedom of choice in making decisions about technology solutions. Those considering Novell offerings, whether proprietary or open source, should be able to make their purchasing decisions based on technical merits, security, quality of service and value, not the threat of litigation. Novell intends to continue to compete based on such criteria.

In other words, Novell wants to make the world safe for Novell products - and their customers. Yes, this is a selfish motivation, but one should not forget that this is a corporation we are talking about here. The important point is that Novell sees litigious patent holders as a threat to its interests, and is responding in the hope of heading them off.

Here is the stick intended to deter possible attackers:

As appropriate, Novell is prepared to use our patents, which are highly relevant in today's marketplace, to defend against those who might assert patents against open source products marketed, sold or supported by Novell. Some software vendors will attempt to counter the competitive threat of Linux by making arguments about the risk of violating patents. Vendors that assert patents against customers and competitors such as Novell do so at their own peril and with the certainty of provoking a response.

It is a sort of intellectual property mutual assured destruction policy: if you deploy your patent weapons in a way which threatens Novell's interests, Novell will respond with "highly relevant" weapons of its own.

This promise is worth something, for a couple of reasons. The first is that it is credible: Novell has truly committed itself to Linux, and is indisputably threatened by anybody who brings threats against Linux or its users. The company's own interests will compel it to respond to such threats.

The other notable point here is that a threat against almost any package shipped in the SUSE Linux distribution is a threat against Novell. The announcement for SUSE Linux Professional 9.2 claims over 3500 packages. So, while Novell has not committed itself to defending any free software project, especially if Novell customers have not been directly threatened, the fact remains that the company must be prepared to step in and defend a large number of projects if its promise to its own customers is to remain credible. Anybody who considers launching an attack against any of those 3500 packages will have to include a possible response from Novell in their calculations. The patent threat, while still very real, has just gotten a little bit less scary.

There is one thing which Novell did not say, however: nothing in the posted policy commits the company to not using its own patents to attack a competing free software project. We asked Novell about whether the company would make an IBM-style "no first use" declaration; we got this response back from company PR Director Bruce Lowry:

Novell doesn't intend to use its patents against open source. What we've said today goes beyond what IBM said, both in terms of scope (not just the Linux kernel) and in terms of potential actions. We're saying we're prepared to use our patents to protect our open source offerings against potential patent claims by others.

That is good stuff, and what one would have expected to hear. But it would have been nice if Novell's patent policy contained an explicit promise not to attack free software with patents.

This point leads into another thing which is absent from Novell's patent policy: any sort of commitment to work toward reform of the patent system. The simple fact is that Novell, like IBM and others, appears to be happy with the patent system itself. Novell has acquired enough "highly relevant" patents to be confident in its ability to fend off attacks from others. Having gotten into a position where just about anybody in the industry is probably infringing upon at least one of its patents, Novell has no particular motivation to drop its weapons. Such is the nature of the U.S. patent system; at least those weapons are, for now, deployed in the defense of free software.


Reports from the GNOME summit

October 13, 2004

This article was contributed by Joe 'Zonker' Brockmeier.

The distributed development model works very well for the open source community, but sometimes there's just no substitute for putting people together in a room to work on a project. The GNOME Summit held this past weekend in Boston did just that with 50 to 60 GNOME developers.

Since we were unable to attend in person, we did the next best thing and got the skinny on the Summit from two of the attendees, Luis Villa and Owen Taylor, both members of the GNOME Foundation Board. Villa said that about half of the scheduled time at the Summit was devoted to hacking and that a big focus of the Summit was to "get the juices flowing again, not listen to someone pound through PowerPoint slides."

Despite the heavy developer attendance, Taylor told us that the topic that drew the most interest was marketing. Villa said that there were three sessions on marketing, and that the group had come up with good ideas on what kinds of people they should be marketing to, and how to talk to those target markets. Villa mentioned that it was very important to market not just to users, but also to ISVs and developers to try to get those groups to develop products using the GNOME platform. Villa mentioned that GNOME hasn't always done the best at marketing its product, noting that other projects have gotten more press coverage for the same features:

KDE got a lot of traction [in the press] by saying 'hey, we're going to include search [as part of the desktop].' Several months before at GUADEC, we had said that search was important, and we beat Apple to demoing the same technology.

For those interested, Villa's notes on marketing are posted to his website. It looks like the marketing discussions at the Summit have also spurred interest in reviving the GNOME marketing list.

Taylor led a session at the Summit on next generation rendering for GNOME based on Cairo and new technologies coming out of X.org.

People were interested to hear about plans in this area [next generation rendering], but maybe a bit leery of committing to hack on it sight-unseen. But I expect that to change as we start getting code out there.

Villa said some of the discussions covered usability, integration with X.org, and "administrative stuff" including a possible move away from CVS for the GNOME project. Taylor said there were also good discussions on hardware integration, control center reorganization and D-BUS. Since only a small number of GNOME developers were at the Summit, Villa said there was "a lot of discussion about the directions the project will be taking" but concrete decisions will be deferred until the discussions can be taken to the GNOME lists.

We were hoping that the Summit would provide a clear picture of what to expect in the next release of GNOME, but Taylor said it's really too early to say what features will be in GNOME 2.10:

GNOME-2.10 is still getting ramped up, so it's a little hard to list the features at this point. With the strict time based release schedules that we now follow for GNOME, it's easier to say when the release will be than what will be in it. What will be in it, to some extent, is "whatever is ready."

But right now, I'd say it looks like it will be mostly continuing some of the themes that we saw in GNOME-2.8; incremental usability improvements, better integration within the desktop, with the operating system, and with applications.

Villa also said it would be hard to predict exactly what would be in the next release, but did throw out a few hints:

Better printing support, Red Hat has done some very interesting work with VNC that will probably be improved in 2.10, better VNC integration, better language support...as you know, GNOME releases are time-based, instead of aiming for specific features, we make sure that the features we have added are robust and usable.

One feature that was heavily discussed at the conference that might be in the next release is Beagle. The Beagle project, not yet officially part of GNOME, is a tool for indexing various forms of data, including mail, web pages, Instant Messaging, and integrating search into the desktop.

Villa compared Beagle to Apple's Spotlight and the search technology that is reported to be in Microsoft's "Longhorn" release. Villa says the name doesn't have any specific significance, except that "it's about sniffing out things, finding things". Villa also told LWN that Beagle isn't tied to "official" GNOME applications, and will work with a variety of applications. "If you only talk to the official GNOME browser, mail client, you're locking out a lot of people. This approach is a little more flexible".

Readers interested in following Beagle development can turn to the Planet Beagle blog.

Both Taylor and Villa said that the Summit was a success. Taylor noted that he was happy to be able to pull in 50 or 60 developers when the Summit was announced just a few weeks in advance of the event:

For future events of this type our goal is definitely to get a wider group of attendees there, and maybe plan out topics a little more in advance so that we can get some more concrete hacking done at the summit.

Villa also mentioned that the Stata building where the Summit was held was "an incredible place to gather", and the photos from the event certainly support that. Links to photos from the conference can be found on the Summit website.


Buying the kernel

Long-time LWN readers have seen their share of, um, "interesting" Jeff Merkey quotes over the years. Mr. Merkey worked at Novell, but left to form the Timpanogas Research Group, which, at times, intended to sell "virtual network disk" technology, the Ute-Linux distribution, and a Netware-like kernel called MANOS. The company spent vast amounts of money in litigation with Novell, and was ahead of the curve in the indemnification game:

TRG grants indemnification against infringement claims by Novell to any commercial Linux companies, customers, distributors, etc. who use patches, NWFS, THOR, Ute-Linux, MANOS or any TRG technologies in their releases.

Mr. Merkey claimed to have disposed of the Novell issue by means of having filed a sexual harassment suit against the company, but life was not to be so easy. The closure of Timpanogas was announced in 2001:

I have dissolved TRG as a Utah Corporation and I am now focused on a variety of projects for various clients related to Linux development. Novell has recently threatened to try to take my house and assets if I post any more NWFS releases or MANOS.

One would think that Mr. Merkey would have had enough intellectual property litigation for one life, but that appears to not be the case. He recently resurfaced on linux-kernel with this interesting offer:

We offer to kernel.org the sum of $50,000.00 US for a one time license to the Linux Kernel Source for a single snapshot of a single Linux version by release number. This offer must be accepted by **ALL** copyright holders and this snapshot will subsequently convert the GPL license into a BSD style license for the code. In other words, what we are asking for is the ability to snapshot kernel.org at 50K a pop for a license to each 2.<even number> release, then take any even number release private.

The offer has spawned a number of side conversations on what an insultingly inadequate offer $50,000 really is. Certainly any number of companies would jump at the chance to pick up a non-GPL version of the kernel at that price. But such discussions - and the offer itself - miss the real point.

Unlike many other large free software projects, the kernel does not require any sort of copyright assignment from contributors. Those who get code merged into the kernel retain their copyrights on that code. As a result, the kernel has hundreds - if not thousands - of copyright holders. Getting them all to agree on a licensing change would be a challenging task. Simply finding them all is likely to be beyond just about anybody's capabilities.

Critics of the kernel's organization claim that the lack of copyright assignment exposes the kernel to legal claims. They also state that the absence of a single copyright holder makes it difficult to enforce the GPL against those who fail to respect its terms. In response, one can point out that a copyright assignment would have been unlikely to deter the SCO Group from its campaign against IBM, and that the Netfilter team has been doing an admirable job of copyright enforcement.

What widely distributed copyright ownership does do, however, is to make a relicensing of the code impractical, if not impossible. We need not worry that Linus will someday succumb to temptation and sell out the kernel. Some developers are suspicious of OSDL, but none fear that it will start selling off private versions of the kernel to well-heeled companies. For all that some people like to compare certain distributors with Microsoft, those distributors will never get into a position where they are shipping proprietary Linux kernels.

Given this context, one wonders what Mr. Merkey thought he would be able to accomplish. There is no risk of him being able to buy himself a GPL exception for the kernel. The structure of the kernel's ownership is such that taking it private is not a practical possibility. This discussion is done; we must confess, however, to a certain curiosity about what Mr. Merkey's next scheme will be.


Page editor: Jonathan Corbet

Security

Security-improving technologies which could be deployed now

October 13, 2004

This article was contributed by John Richard Moser

Linux does not host the same applications as the more popular operating systems, so it does not carry the same set of bugs that those applications provide to let attackers easily gain privileged access to the system. Still, where the same classes of bugs exist in Linux applications, the same problems arise: Linux is vulnerable to the same exploits as any other operating system when bugs exist to facilitate them.

Most popular Linux distributions do not make use of available security technologies that would deflect a large number of these attacks. There are technologies available today that allow the maintainers of distributions such as Gentoo, Debian, or Mandrake to make the system more resilient if not virtually invulnerable to these exploitable bugs. These technologies are open source, GPL licensed solutions to the future problems that Linux will face as it gains popularity.

There are many transparent security technologies available that maintainers could use to improve the security of a Linux distribution, such as Stack Smash Protection, PaX, and Position Independent Executables (PIE). Technologies such as these can be safely and easily integrated with any distribution to improve security without altering the users' experience or the administration of the system.

Stack Smash Protection

Stack Smash Protection is a method of detection and mitigation of stack based buffer overflow bugs in programs. There are several implementations; the one focused on here is IBM's Stack Smash Protector (SSP), formerly known as ProPolice. SSP prevents stack based buffer overflow bugs from being used to exploit programs in many cases.

A fair number of security exploits begin with stack based buffer overflows. SSP rearranges local variables to put character arrays at the highest address and copies pointers passed to the function to new local variables below these arrays. This prevents a wide range of overflow based attacks. It uses a strategically placed local variable known as a "canary" or "guard value" to check for overflows.

SSP is implemented as a compiler patch to gcc. This patch alters the way functions are generated so that they check for buffer overflows. It can be used via the -fstack-protector and -fstack-protector-all switches, or by passing --enable-stack-protector to the configure script when building gcc. In either case, -fno-stack-protector[-all] explicitly disables the protection.

There are still some cases which SSP cannot catch, such as bugs affecting structures with vulnerable layouts; but it is definitely a powerful tool for preventing exploitation of many programming bugs. It may also expose some simple programming bugs, such as those which overflow a buffer by a few bytes. These bugs cause programs to crash during normal operation with SSP.
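A toy model of the two frame layouts, added here as an illustration (it is not code from the article or from SSP itself): the frame is a byte array with constructed offsets and constructed guard, pointer and return-address values, and the only thing it demonstrates is why SSP's reordering plus the guard value turns a silent pointer corruption into an overflow that is detected before the function returns.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of one stack frame (constructed for illustration, not gcc's real layout).
 * Offsets grow toward higher addresses; the saved return address sits at the top. */
#define FRAME_SIZE 48
#define BUF_SIZE   16
#define WORD        8

struct layout {
    const char *name;
    int buf_off;     /* offset of the BUF_SIZE-byte char array */
    int ptr_off;     /* offset of a pointer local (or SSP's copy of a pointer argument) */
    int canary_off;  /* offset of the guard value, -1 if the frame has none */
    int ret_off;     /* offset of the saved return address */
};

/* Unprotected frame: a pointer local happens to sit right above the array, and there is no guard. */
static const struct layout plain = { "plain", 0, 16, -1, 40 };
/* SSP frame: pointer copies lowest, char array highest, guard between the array and the return address. */
static const struct layout ssp   = { "ssp",   16, 0, 32, 40 };

/* Constructed values; real SSP uses a per-process random guard value. */
#define CANARY_VALUE 0x00d6a3b1f0c0ffeeULL
#define PTR_VALUE    0x0000000000401000ULL
#define RET_VALUE    0x0000000000401234ULL

static void frame_init(uint8_t *f, const struct layout *l) {
    uint64_t c = CANARY_VALUE, p = PTR_VALUE, r = RET_VALUE;
    memset(f, 0, FRAME_SIZE);
    memcpy(f + l->ptr_off, &p, WORD);
    if (l->canary_off >= 0) memcpy(f + l->canary_off, &c, WORD);
    memcpy(f + l->ret_off, &r, WORD);
}

/* Stands in for an unchecked strcpy() into the array: bytes past BUF_SIZE spill upward
 * into whatever the layout placed there (clipped to the model frame). */
static void unchecked_copy(uint8_t *f, const struct layout *l, const uint8_t *src, size_t n) {
    size_t room = (size_t)(FRAME_SIZE - l->buf_off);
    memcpy(f + l->buf_off, src, n < room ? n : room);
}

enum { INTACT = 0, PTR_CLOBBERED = 1, CANARY_TRIPPED = 2, RET_CLOBBERED = 4 };

/* The guard comparison SSP emits in the function epilogue, plus a look at what else the write reached. */
static int inspect(const uint8_t *f, const struct layout *l) {
    uint64_t c = CANARY_VALUE, p = PTR_VALUE, r = RET_VALUE;
    int flags = INTACT;
    if (memcmp(f + l->ptr_off, &p, WORD) != 0) flags |= PTR_CLOBBERED;
    if (l->canary_off >= 0 && memcmp(f + l->canary_off, &c, WORD) != 0) flags |= CANARY_TRIPPED;
    if (memcmp(f + l->ret_off, &r, WORD) != 0) flags |= RET_CLOBBERED;
    return flags;
}

/* Write n bytes of 'A' into the array of a fresh frame and report what the write damaged. */
int overflow_outcome(const struct layout *l, size_t n) {
    uint8_t frame[FRAME_SIZE], payload[FRAME_SIZE];
    memset(payload, 'A', sizeof payload);
    frame_init(frame, l);
    unchecked_copy(frame, l, payload, n);
    return inspect(frame, l);
}

int main(void) {
    const struct layout *layouts[] = { &plain, &ssp };
    size_t sizes[] = { BUF_SIZE, BUF_SIZE + 4, FRAME_SIZE };
    for (int i = 0; i < 2; i++)
        for (int j = 0; j < 3; j++) {
            int r = overflow_outcome(layouts[i], sizes[j]);
            printf("%-5s write %2zu bytes: pointer %s, guard %s, return address %s\n",
                   layouts[i]->name, sizes[j],
                   r & PTR_CLOBBERED ? "clobbered" : "intact",
                   r & CANARY_TRIPPED ? "TRIPPED" : (layouts[i]->canary_off < 0 ? "absent" : "intact"),
                   r & RET_CLOBBERED ? "clobbered" : "intact");
        }
    return 0;
}
```

A four-byte overrun corrupts the pointer silently in the plain layout; in the SSP layout the same overrun hits the guard first and leaves the pointer untouched, which is exactly the "crash during normal operation" the article mentions for small off-by-a-few-bytes bugs.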

SSP was developed by Hiroaki Etoh and Kunikazu Yoda of the IBM Research Division, based on StackGuard. It was originally outlined in a paper by its authors. StackGuard was developed by Immunix Inc., and first appeared in 1998 or earlier. There have also been other papers examining stack smash protection techniques and implementation.

PaX

PaX is a patch to the Linux kernel source tree to implement memory protections which make certain classes of exploits difficult or impossible. Depending on architecture, PaX may have a very low or insignificant overhead. It is a powerful tool for preventing a great many potential exploits.

The Exec Shield (ES) technology contributed by Red Hat is somewhat similar to PaX; however, PaX supplies greater control over protections on individual binaries, as well as greater accuracy in its NX emulation on x86 architectures. ES has been compared to PaX on Wikipedia. Unless otherwise specified, full PaX with all features enabled except "Disallow ELF text relocations" will be discussed here.

PaX is a very feature rich technology. Instead of targeting a specific attack vector, PaX targets entire classes of exploits. Attacks using standard code injection are essentially impossible to successfully perform on a task running under full PaX restrictions; many of the more complex attacks are extremely difficult and often impossible to guarantee. Failed attacks result in the immediate termination of the program.

PaX guarantees that no memory is both writable and executable. The system administrator may also deny all programs the use of mprotect() to make a page executable at any point after it could have been written to. PaX may emulate an NX bit to accomplish this; on x86 this is done with measurable but low overhead.

PaX also allows full Address Space Layout Randomization (ASLR). ASLR allows the stack, heap, mmap(), and even the .text of ET_EXEC executables to be mapped into randomly chosen bases in Virtual Memory (VM) space. In the absence of an information leak, an attacker would need to essentially guess at where any needed target data is in memory.

Some programs malfunction under PaX. Usually these programs expect behavior contrary to what PaX provides, and upon attempting to execute certain logic, PaX terminates them as if it had detected an exploit. PaX allows binaries to be "marked" with tools available to the system administrator to disable any individual protection supplied by PaX.
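A small probe of the W^X rules described above, added here as an illustration (it is not code from the article or from PaX): it maps one page and tries the transitions an MPROTECT-style policy is meant to refuse, treating EPERM or EACCES as a refusal (an assumption, made so that SELinux execmem denials are counted the same way). Run it as an unprivileged user on the system in question to see which restrictions actually apply to that process.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS 0x20   /* Linux value; assumed only when the header does not expose it */
#endif

enum { PROBE_ERROR = -1, PROBE_DENIED = 0, PROBE_ALLOWED = 1 };

/* Map one anonymous page with first_prot, then (if different) mprotect() it to second_prot.
 * Returns PROBE_ALLOWED if the kernel let both happen, PROBE_DENIED if it refused with EPERM
 * or EACCES (assumption: PaX MPROTECT and SELinux execmem denials surface that way), and
 * PROBE_ERROR for any other failure. The page is always unmapped before returning. */
int probe_mapping(int first_prot, int second_prot) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, first_prot, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return (errno == EPERM || errno == EACCES) ? PROBE_DENIED : PROBE_ERROR;
    int rc = PROBE_ALLOWED;
    if (second_prot != first_prot && mprotect(p, len, second_prot) != 0)
        rc = (errno == EPERM || errno == EACCES) ? PROBE_DENIED : PROBE_ERROR;
    munmap(p, len);
    return rc;
}

/* Bit flags for the W^X-relevant operations this process turned out to be allowed. */
enum { WX_RWX_MAPPING = 1, WX_W_TO_X = 2, WX_X_TO_W = 4 };

/* Summarise three operations a PaX-style MPROTECT policy refuses (assumption: PaX also refuses
 * anonymous executable mappings outright, which the third probe then reports as refused too):
 * a mapping writable and executable at once, a writable page becoming executable, and an
 * executable page becoming writable. A return value of 0 means all three were refused. */
int probe_wx_policy(void) {
    int allowed = 0;
    if (probe_mapping(PROT_READ | PROT_WRITE | PROT_EXEC, PROT_READ | PROT_WRITE | PROT_EXEC) == PROBE_ALLOWED)
        allowed |= WX_RWX_MAPPING;
    if (probe_mapping(PROT_READ | PROT_WRITE, PROT_READ | PROT_EXEC) == PROBE_ALLOWED)
        allowed |= WX_W_TO_X;
    if (probe_mapping(PROT_READ | PROT_EXEC, PROT_READ | PROT_WRITE) == PROBE_ALLOWED)
        allowed |= WX_X_TO_W;
    return allowed;
}

int main(void) {
    int a = probe_wx_policy();
    printf("RWX mapping:            %s\n", a & WX_RWX_MAPPING ? "allowed" : "refused");
    printf("writable -> executable: %s\n", a & WX_W_TO_X ? "allowed" : "refused");
    printf("executable -> writable: %s\n", a & WX_X_TO_W ? "allowed" : "refused");
    printf("%s\n", a == 0 ? "all refused: MPROTECT-style W^X enforcement is active for this process"
                          : "some allowed: no PaX-style MPROTECT enforcement for this process");
    return 0;
}
```

A program that the article says "malfunctions under PaX" is usually one for which the second or third probe matters; comparing the output for a binary before and after it has been marked with the PaX tools shows which restriction was relaxed.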

PaX was created by an anonymous author, originally supplying NX support based on an observation about the x86 architecture made by the plex86 project. Other features such as ASLR were implemented later. PaX first appeared in 2000, and was later incorporated into the grsecurity project. The PaX project supplies much documentation, and Wikipedia features an article about PaX.

Position Independent Executables

Position Independent Executables, or PIE, are executables compiled as Position Independent Code (PIC). PIC is usually slower than fixed position code; however, it can be easily relocated in memory. PIE allows the safe and efficient randomization of the base of executable binaries in VM by PaX or ES, preventing an attacker from knowing beforehand where preexisting code is in memory.

Compiling PIE binaries is done by passing gcc the -fPIC or -fPIE switches; linking them is done by passing -pie to gcc or to the linker. The -fPIE switch only works with gcc 3.4, but -fPIC will work for all. Regardless of which switch is used, the output is an executable ET_DYN binary.

Using PIE, the code in executable binaries suffers measurable overhead, the magnitude of which varies between CPU architectures. On x86 this is approximately 1%, whereas on x86_64 it is approximately 0.01%. Because this overhead is not incurred everywhere, it can usually be considered negligible on any architecture.
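A checker for the ET_DYN versus ET_EXEC distinction just described, added here as an illustration (it is not code from the article, gcc or binutils): it decodes e_type from the ELF header the way readelf -h would, for either ELF class and byte order, with constructed sample headers for the tests. The caveat, noted in the code, is that a shared library is also ET_DYN, so the check only answers "PIE or not?" for something already known to be an executable.

```c
#include <stdio.h>
#include <string.h>

/* Values from the ELF specification. */
#define ET_EXEC_VALUE 2   /* fixed-address executable */
#define ET_DYN_VALUE  3   /* position independent: a PIE or a shared object */
enum { ELF_NOT_ELF = -1, ELF_BAD_IDENT = -2, ELF_OTHER_TYPE = -3, ELF_IO_ERROR = -4 };

/* Decode e_type from the first bytes of an ELF file held in buf (either class, either byte order).
 * e_type is the 16-bit field right after the 16-byte e_ident block, so 18 bytes suffice. */
int elf_e_type(const unsigned char *buf, size_t len) {
    if (len < 18 || memcmp(buf, "\x7f" "ELF", 4) != 0) return ELF_NOT_ELF;
    unsigned char cls = buf[4], data = buf[5];       /* EI_CLASS, EI_DATA */
    if ((cls != 1 && cls != 2) || (data != 1 && data != 2)) return ELF_BAD_IDENT;
    return data == 1 ? (buf[16] | (buf[17] << 8))    /* little-endian */
                     : ((buf[16] << 8) | buf[17]);   /* big-endian */
}

/* 1 if the header says ET_DYN (what gcc -pie produces), 0 if ET_EXEC, negative otherwise.
 * Caveat: a shared library is ET_DYN too, so apply this to files you know are executables. */
int elf_is_pie(const unsigned char *buf, size_t len) {
    int t = elf_e_type(buf, len);
    if (t < 0) return t;
    if (t == ET_DYN_VALUE) return 1;
    if (t == ET_EXEC_VALUE) return 0;
    return ELF_OTHER_TYPE;
}

/* Same check on a file, e.g. "/proc/self/exe" or a path from argv. */
int elf_file_is_pie(const char *path) {
    unsigned char hdr[64];
    FILE *fp = fopen(path, "rb");
    if (fp == NULL) return ELF_IO_ERROR;
    size_t n = fread(hdr, 1, sizeof hdr, fp);
    fclose(fp);
    return elf_is_pie(hdr, n);
}

/* Constructed sample headers: e_ident plus e_type only, everything after byte 17 is zero. */
static const unsigned char sample_pie_x86_64[64]  = { 0x7f, 'E', 'L', 'F', 2, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0 };
static const unsigned char sample_exec_x86_64[64] = { 0x7f, 'E', 'L', 'F', 2, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0 };
static const unsigned char sample_exec_ppc32[64]  = { 0x7f, 'E', 'L', 'F', 1, 2, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2 };
static const unsigned char sample_not_elf[64]     = { 'M', 'Z' };

static const char *describe(int r) {
    if (r == 1) return "ET_DYN (position independent)";
    if (r == 0) return "ET_EXEC (fixed load address)";
    return "not a recognised ELF executable";
}

int main(int argc, char **argv) {
    const struct { const char *what; const unsigned char *hdr; } samples[] = {
        { "constructed x86_64 PIE header",             sample_pie_x86_64 },
        { "constructed x86_64 EXEC header",            sample_exec_x86_64 },
        { "constructed big-endian 32-bit EXEC header", sample_exec_ppc32 },
        { "constructed non-ELF header",                sample_not_elf },
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-42s -> %s\n", samples[i].what, describe(elf_is_pie(samples[i].hdr, 64)));
    const char *path = argc > 1 ? argv[1] : "/proc/self/exe";
    printf("%-42s -> %s\n", path, describe(elf_file_is_pie(path)));
    return 0;
}
```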

Deployment

Many security focused open source operating systems deploy these or similar technologies. OpenBSD supplies its own PaX-type system, W^X, and also uses SSP, but apparently does not supply a PIE base. Hardened Gentoo and Adamantix supply PaX, SSP, and PIE, along with other, more visible technologies such as SELinux or RSBAC. It is left up to speculation why the most popular Linux distributions do not supply the transparent features, although there is effort to persuade Debian to use these, by the Debian: Secure by Default and the Hardened Debian projects.


New vulnerabilities

cyrus-sasl: remote buffer overflow

Package(s): cyrus-sasl    CVE #(s): CAN-2004-0884
Created: October 7, 2004    Updated: March 16, 2005
Description: cyrus-sasl has a vulnerability involving a buffer overflow in the digestmd5.c file. A remote attacker may be able to compromise the system. Also, a local user may be able to exploit a vulnerability by using the SASL_PATH environment variable.
Alerts:
Mandrake MDKSA-2005:054 cyrus-sasl 2005-03-15
SuSE SUSE-SA:2005:013 cyrus-sasl,cyrus-sasl2 2005-03-03
Fedora-Legacy FLSA:2137 cyrus-sasl 2005-02-17
OpenPKG OpenPKG-SA-2005.004 sasl 2005-01-28
Conectiva CLA-2004:889 sasl2 2004-11-11
Debian DSA-568-1 cyrus-sasl-mit 2004-10-16
Debian DSA-563-3 cyrus-sasl 2004-10-14
Debian DSA-563-2 cyrus-sasl 2004-10-12
Debian DSA-563-1 cyrus-sasl 2004-10-12
Trustix TSLSA-2004-0053 cyrus-sasl 2004-10-08
Mandrake MDKSA-2004:106 cyrus-sasl 2004-10-07
Red Hat RHSA-2004:546-02 cyrus-sasl 2004-10-07
Gentoo 200410-05 cyrus-sasl 2004-10-07


ed: Insecure temporary file handling

Package(s): ed    CVE #(s): CVE-2000-1137
Created: October 11, 2004    Updated: October 13, 2004
Description: ed insecurely creates temporary files in world-writable directories with predictable names. Given that ed is used in various system shell scripts, they are by extension affected by the same vulnerability. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When ed is called, this would result in file access with the rights of the user running the utility, which could be the root user.
Alerts:
Gentoo 200410-07 ed 2004-10-09


gettext: Insecure temporary file handling

Package(s): gettext    CVE #(s): CAN-2004-0966
Created: October 11, 2004    Updated: March 1, 2006
Description: gettext insecurely creates temporary files in world-writable directories with predictable names. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When gettext is called, this would result in file access with the rights of the user running the utility, which could be the root user.
Alerts:
Mandriva MDKSA-2006:051 gettext 2006-02-28
Fedora-Legacy FLSA:136323 gettext 2006-01-09
Gentoo 200410-10:02 gettext 2004-10-10
OpenPKG OpenPKG-SA-2004.055 gettext 2004-12-23
Ubuntu USN-5-1 gettext 2004-10-27
Gentoo 200410-10 gettext 2004-10-10
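The unsafe pattern that both the ed and the gettext entries describe, next to a hardened replacement, added here as an illustration (it is not code from either package or advisory); the ed. name prefix, the use of TMPDIR and the self-test are assumptions.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* The pattern the ed and gettext advisories describe: a guessable name in a world-writable
 * directory, opened with fopen("w"). fopen() follows a symbolic link already sitting at that
 * name, so the "temporary file" can end up being any file the calling user may write.
 * Shown for contrast only; nothing below calls it. */
FILE *tempfile_predictable(void) {
    char name[64];
    snprintf(name, sizeof name, "/tmp/ed.%ld", (long)getpid());  /* trivially predictable */
    return fopen(name, "w");                                      /* O_CREAT|O_TRUNC, follows links */
}

/* Hardened replacement. mkstemp() fills in a random suffix and creates the file with
 * O_CREAT|O_EXCL and mode 0600, so a pre-planted file or symlink at that name makes the
 * open fail instead of being followed. The created path is written to path_out and the
 * caller unlinks it when finished. Returns the open descriptor, or -1. */
int tempfile_safe(char *path_out, size_t path_len) {
    const char *dir = getenv("TMPDIR");
    if (dir == NULL || *dir == '\0') dir = "/tmp";
    int n = snprintf(path_out, path_len, "%s/ed.XXXXXX", dir);
    if (n < 0 || (size_t)n >= path_len) return -1;
    int fd = mkstemp(path_out);
    if (fd < 0) return -1;
    /* Defence in depth: check what was actually opened before trusting it. */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1 || st.st_uid != geteuid()) {
        close(fd);
        unlink(path_out);
        return -1;
    }
    return fd;
}

/* Exercise tempfile_safe(): two calls must yield two distinct, private, regular files.
 * Returns 1 on success and 0 on any failure; cleans up after itself. */
int tempfile_safe_selftest(void) {
    char a[512], b[512];
    int fa = tempfile_safe(a, sizeof a);
    int fb = tempfile_safe(b, sizeof b);
    int ok = fa >= 0 && fb >= 0 && strcmp(a, b) != 0 && strstr(a, "XXXXXX") == NULL;
    struct stat st;
    if (ok && (fstat(fa, &st) != 0 || (st.st_mode & 077) != 0)) ok = 0;  /* nobody else may read it */
    if (fa >= 0) { close(fa); unlink(a); }
    if (fb >= 0) { close(fb); unlink(b); }
    return ok;
}

int main(void) {
    char path[512];
    int fd = tempfile_safe(path, sizeof path);
    if (fd < 0) { perror("tempfile_safe"); return 1; }
    printf("created %s (fd %d)\n", path, fd);
    close(fd);
    unlink(path);
    return 0;
}
```

The same reasoning applies to shell scripts that call ed: a script that names its own scratch file in /tmp reintroduces the problem even after ed itself is fixed.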


mysql: several vulnerabilities

Package(s): mysql    CVE #(s): CAN-2004-0835 CAN-2004-0836 CAN-2004-0837
Created: October 11, 2004    Updated: April 6, 2005
Description: Several problems have been discovered in MySQL. Oleksandr Byelkin noticed that ALTER TABLE ... RENAME checks CREATE/INSERT rights of the old table instead of the new one. (CAN-2004-0835) Lukasz Wojtow noticed a buffer overrun in the mysql_real_connect function. (CAN-2004-0836) Dean Ellis noticed that multiple threads ALTERing the same (or different) MERGE tables to change the UNION can cause the server to crash or stall. (CAN-2004-0837)
Alerts:
Ubuntu USN-109-1 mysql 2005-04-06
Fedora FEDORA-2004-530 mysql 2004-12-08
Ubuntu USN-32-1 mysql-dfsg 2004-11-25
Conectiva CLA-2004:892 MySQL 2004-11-18
Mandrake MDKSA-2004:119 MySQL 2004-11-01
OpenPKG OpenPKG-SA-2004.045 mysql 2004-10-30
Red Hat RHSA-2004:611-01 mysql-server 2004-10-27
Gentoo 200410-22 mysql 2004-10-24
Red Hat RHSA-2004:569-01 mysql 2004-10-20
Red Hat RHSA-2004:597-01 mysql 2004-10-20
Debian DSA-562-1 mysql 2004-10-11


ncompress: Buffer overflow

Package(s): compress uncompress ncompress    CVE #(s): CAN-2001-1413
Created: October 11, 2004    Updated: December 14, 2004
Description: compress and uncompress do not properly check bounds on command line options, including the filename. Large parameters would trigger a buffer overflow. By supplying a carefully crafted filename or other option, an attacker could execute arbitrary code on the system. A local attacker could only execute code with his own rights, but since compress and uncompress are called by various daemon programs, this might also allow a remote attacker to execute code with the rights of the daemon making use of ncompress.
Alerts:
Red Hat RHSA-2004:536-01 ncompress 2004-12-13
Gentoo 200410-08 ncompress 2004-10-09


squid: denial of service vulnerability

Package(s): squid    CVE #(s): CAN-2004-0918
Created: October 7, 2004    Updated: November 8, 2004
Description: Squid has a potential denial of service vulnerability and a problem with readable passwords due to incorrect permissions on the squid.conf file.
Alerts:
Ubuntu USN-19-1 squid 2004-11-06
Conectiva CLA-2004:882 squid 2004-11-03
OpenPKG OpenPKG-SA-2004.048 squid (option "with_snmp yes" only) 2004-10-29
Debian DSA-576-1 squid 2004-10-29
Mandrake MDKSA-2004:112 squid 2004-10-21
Red Hat RHSA-2004:591-01 squid 2004-10-20
Gentoo 200410-15 squid 2004-10-18
Fedora FEDORA-2004-338 squid 2004-10-13
Fedora FEDORA-2004-330 squid 2004-10-07


tiff: buffer overflows

Package(s): tiff    CVE #(s): CAN-2004-0803
Created: October 13, 2004    Updated: April 12, 2005
Description: The tiff library contains several buffer overflows which may be exploited by way of maliciously-crafted image files. See this advisory for more information.
Alerts:
Red Hat RHSA-2005:021-01 kdegraphics 2005-04-12
Conectiva CLA-2005:914 wxgtk2 2005-01-06
Gentoo 200412-17 kfax 2004-12-19
Gentoo 200412-02 pdflib 2004-12-05
Conectiva CLA-2004:888 libtiff3 2004-11-08
Slackware SSA:2004-305-02 libtiff 2004-11-01
Red Hat RHSA-2004:577-01 libtiff 2004-10-22
SuSE SUSE-SA:2004:038 libtiff 2004-10-22
Mandrake MDKSA-2004:111 wxGTK2 2004-10-21
Mandrake MDKSA-2004:109 libtiff 2004-10-19
Debian DSA-567-1 tiff 2004-10-15
Fedora FEDORA-2004-334 libtiff 2004-10-14
OpenPKG OpenPKG-SA-2004.043 tiff 2004-10-14
Gentoo 200410-11 tiff 2004-10-13


Resources

Secure programmer: Prevent race conditions (IBM developerWorks)

David A. Wheeler writes about the prevention of race conditions on IBM developerWorks. "Learn what a race condition is and why it can cause security problems. This article shows you how to handle common race conditions on UNIX®-like systems, including how to create lock files correctly, alternatives to lock files, how to handle the filesystem, and how to handle shared directories (and in particular how to correctly create temporary files in the /tmp directory). You'll also learn a bit about signal handling."



Kernel development

Brief items

Kernel release status

The current 2.6 prepatch is 2.6.9-rc4, which was released by Linus on October 10. Says Linus:

Ok, trying to make ready for the real 2.6.9 in a week or so, so please give this a beating, and if you have pending patches, please hold on to them for a bit longer, until after the 2.6.9 release. It would be good to have a 2.6.9 that doesn't need a dot-release immediately ;)

Changes in this set include a number of architecture updates, an ACPI update, Linus's kernel management style document, some networking tweaks, and lots of fixes. See the long-format changelog for the details.

Linus's BitKeeper repository contains a handful of serious fixes; it looks like very few patches will be accepted until 2.6.9 comes out.

The current prepatch from Andrew Morton is 2.6.9-rc4-mm1. Recent changes to -mm include the removal of lockmeter (it was interfering with some of the latency work), a buddy allocator rework, a number of reiserfs error handling improvements, and various architecture updates.

The current 2.4 prepatch is 2.4.28-pre4, released by Marcelo on October 8. The number of new patches is small; they include some networking tweaks, a serial ATA update, and various fixes.


Kernel development news

Quote of the week

I don't know what exactly you will receive from Linus and Alan, but here's a reply from me (and I do have code in quite a few places in the tree):

Sod Off.

If you need it in writing and notarized, that could be arranged.

-- Al Viro, not tempted by Jeff Merkey's offer.


Approaches to realtime Linux

Using Linux systems for realtime tasks has long been an area of interest. In the last couple of weeks, a number of projects working to implement realtime response have posted their work. This article looks at the patches posted recently to get a sense for where the realtime projects are headed.

The realtime LSM

A relatively simple contribution is the realtime security module by Torben Hohn and Jack O'Quin. This module does not actually add any new realtime features to the kernel; instead, it uses the LSM hooks to let users belonging to a specific group use more of the system's resources. In particular, it adds the CAP_SYS_NICE, CAP_IPC_LOCK, and CAP_SYS_RESOURCE capabilities to the selected group. These capabilities allow the affected processes to raise their priority, lock memory into RAM, and generally to exceed resource limits. Granting capabilities in this way goes somewhat beyond the usual "restrictive hooks only" practice for security modules, but there have not been any complaints on that score.

MontaVista's patch

The event which really stirred up the discussion, however, was the posting of the realtime kernel patch set by MontaVista's Sven-Thorsten Dietrich. This highly intrusive patch attempts to minimize system response latency by taking the preemptible kernel approach to its limit. In comparison, the current preemption approach, which is considered to be too risky to use by most distributors, is a half measure at best.

MontaVista's patch begins by adopting the "IRQ threads" patch posted by Ingo Molnar. This patch moves the running of most interrupt handlers into a separate kernel thread which competes with the others for processor time. Once that is done, interrupt handlers become preemptible and are far less likely to stall the system for long periods of time.

The biggest source of latency in the kernel then becomes critical sections protected by spinlocks. So why not make those sections preemptible as well? To that end, the PMutex patch has been adapted to the 2.6 kernel. This patch implements blocking mutexes, similar to the existing kernel semaphores. The PMutex version, however, has a simple priority inheritance mechanism; processes holding a mutex can have their priority bumped up temporarily so that they get their work done and release the mutex as quickly as possible. Among other things, this approach helps to minimize priority inversion problems.
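A tick-based scheduler model, added here to show what the priority inheritance just described does to a priority inversion; it is constructed for illustration and is not code from the MontaVista or PMutex patches. The task set (L, M, H), their priorities, release times and tick counts are all assumed.

```c
#include <stdio.h>

#define NTASKS    3
#define MAX_TICKS 64

struct task {
    const char *name;
    int base_prio;    /* higher number = higher priority */
    int release;      /* tick at which the task becomes runnable */
    int work;         /* CPU ticks still needed */
    int needs_mutex;  /* 1 if all of its work happens inside the critical section */
    int done_at;      /* tick count at which it finished, -1 if it never did */
};

/* Constructed workload: L (low) takes the mutex first, H (high) then needs the same mutex,
 * and M (medium) only wants the CPU. This is the classic priority inversion setup. */
static void init_tasks(struct task *t) {
    t[0] = (struct task){ "L", 1, 0, 4, 1, -1 };
    t[1] = (struct task){ "M", 2, 2, 3, 0, -1 };
    t[2] = (struct task){ "H", 3, 1, 2, 1, -1 };
}

/* Tick-based model of a strict priority scheduler with one blocking mutex. With
 * priority_inheritance set, the mutex owner runs at the priority of the highest-priority
 * task blocked on that mutex, as the PMutex patch does. Fills done_at[] and returns H's. */
int simulate(int priority_inheritance, int done_at[NTASKS]) {
    struct task t[NTASKS];
    init_tasks(t);
    int owner = -1;   /* index of the task holding the mutex */
    for (int tick = 0; tick < MAX_TICKS; tick++) {
        int eff[NTASKS], remaining = 0;
        for (int i = 0; i < NTASKS; i++) {
            eff[i] = t[i].base_prio;
            remaining += t[i].work;
        }
        if (remaining == 0) break;
        /* Priority inheritance: lift the owner to the priority of its highest waiter. */
        if (priority_inheritance && owner >= 0)
            for (int i = 0; i < NTASKS; i++)
                if (i != owner && t[i].needs_mutex && t[i].release <= tick && t[i].work > 0 && eff[i] > eff[owner])
                    eff[owner] = eff[i];
        /* Pick the highest effective-priority task that is released, unfinished and not blocked. */
        int pick = -1;
        for (int i = 0; i < NTASKS; i++) {
            if (t[i].release > tick || t[i].work == 0) continue;
            if (t[i].needs_mutex && owner >= 0 && owner != i) continue;   /* blocked on the mutex */
            if (pick < 0 || eff[i] > eff[pick]) pick = i;
        }
        if (pick < 0) continue;   /* idle tick */
        if (t[pick].needs_mutex && owner < 0) owner = pick;   /* acquire */
        t[pick].work--;
        if (t[pick].work == 0) {
            t[pick].done_at = tick + 1;
            if (owner == pick) owner = -1;   /* release; the boosted priority lapses with it */
        }
    }
    for (int i = 0; i < NTASKS; i++) done_at[i] = t[i].done_at;
    return t[2].done_at;
}

/* Finish tick of one task (0 = L, 1 = M, 2 = H) under the chosen policy. */
int finish_tick(int priority_inheritance, int task_index) {
    int d[NTASKS];
    simulate(priority_inheritance, d);
    return d[task_index];
}

int main(void) {
    for (int pi = 0; pi <= 1; pi++) {
        int d[NTASKS];
        simulate(pi, d);
        printf("%s: L done at %d, M done at %d, H done at %d\n",
               pi ? "with priority inheritance   " : "without priority inheritance", d[0], d[1], d[2]);
    }
    return 0;
}
```

Without inheritance, M runs to completion while H sits behind L; with it, L is bumped past M, releases the mutex and H finishes three ticks earlier, at M's expense.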

The biggest change is the replacement of most spinlocks in the system with the new mutexes; the patch uses a set of preprocessor macros to turn spinlock_t, and the operations on spinlocks, into their mutex equivalents. In one step, most critical sections become preemptible and are no longer part of the latency problem. As an added bonus, the moving of interrupt handlers to their own thread means that interrupt handlers can no longer deadlock with non-interrupt code when contending for the same lock; that means that it is no longer necessary to disable interrupts when taking a lock which might also be used by an interrupt handler.
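To make the priority-inheritance argument from the PMutex description concrete, here is an added example (not code from the MontaVista or PMutex patches): a tiny discrete-time model of three fixed-priority tasks sharing one blocking mutex, run once with and once without priority inheritance. The task names, priorities, release times and critical-section lengths are constructed for the illustration; the point it shows is that without inheritance the high-priority task H waits for the whole of the medium-priority task M's run (classic priority inversion), while with inheritance its wait is bounded by the remainder of L's critical section.

```c
#include <stdbool.h>
#include <stdio.h>

/* Added example, not code from either patch: a discrete-time model of three
 * fixed-priority tasks sharing one blocking mutex, run with and without
 * priority inheritance.  Task names, priorities and timings are constructed. */
enum { NTASKS = 3, MAX_TICKS = 32 };

struct task {
    const char *name;
    int prio;      /* base priority; higher runs first */
    int release;   /* tick at which the task becomes runnable */
    int total;     /* units of work to do */
    int cs_start;  /* progress at which the mutex is taken ... */
    int cs_end;    /* ... and released (cs_start == cs_end: never locks) */
    int progress;
    int finish;    /* tick in which the task completed, -1 while unfinished */
};

static bool in_critical_section(const struct task *t)
{
    return t->progress >= t->cs_start && t->progress < t->cs_end;
}

/* Run the scenario and return the tick in which task `watch` finishes. */
static int simulate(bool priority_inheritance, int watch, bool verbose)
{
    struct task tasks[NTASKS] = {
        { "L", 1, 0, 5, 1, 4, 0, -1 },  /* low: holds the mutex for 3 units */
        { "M", 2, 3, 4, 0, 0, 0, -1 },  /* medium: CPU-bound, never locks */
        { "H", 3, 2, 3, 1, 2, 0, -1 },  /* high: needs the mutex for 1 unit */
    };
    int owner = -1;  /* index of the task holding the mutex, -1 if free */

    for (int tick = 0; tick < MAX_TICKS; tick++) {
        int eff[NTASKS];
        bool blocked[NTASKS];
        for (int i = 0; i < NTASKS; i++)
            eff[i] = tasks[i].prio;
        for (int i = 0; i < NTASKS; i++) {
            const struct task *t = &tasks[i];
            bool active = t->release <= tick && t->finish < 0;
            blocked[i] = active && in_critical_section(t) && owner != -1 && owner != i;
            /* Priority inheritance: the holder runs at the highest priority of
             * the tasks waiting for its mutex, so M cannot preempt it. */
            if (blocked[i] && priority_inheritance && eff[owner] < t->prio)
                eff[owner] = t->prio;
        }
        int pick = -1;
        for (int i = 0; i < NTASKS; i++) {
            const struct task *t = &tasks[i];
            if (t->release > tick || t->finish >= 0 || blocked[i])
                continue;
            if (pick < 0 || eff[i] > eff[pick])
                pick = i;
        }
        if (pick < 0)
            continue;  /* idle tick */
        struct task *t = &tasks[pick];
        if (in_critical_section(t) && owner == -1)
            owner = pick;  /* acquire at the start of the critical section */
        t->progress++;
        if (owner == pick && !in_critical_section(t))
            owner = -1;    /* release on leaving it */
        if (t->progress == t->total)
            t->finish = tick;
        if (verbose)
            printf("tick %2d: %s runs at priority %d%s\n", tick, t->name,
                   eff[pick], owner == pick ? " (holds mutex)" : "");
    }
    return tasks[watch].finish;
}

int main(void)
{
    printf("-- without priority inheritance --\n");
    int plain = simulate(false, 2, true);
    printf("-- with priority inheritance --\n");
    int pi = simulate(true, 2, true);
    printf("H finishes in tick %d without inheritance, tick %d with it\n", plain, pi);
    return 0;
}
```

In the constructed scenario H finishes in tick 10 without inheritance and in tick 6 with it; the difference is exactly M's four units of CPU time, which is what the PMutex priority bump is meant to keep off the high-priority task's path.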

There are, of course, a few nagging little problems to deal with. Some code in the system really shouldn't be preempted while holding a lock. In particular, code which might be in the middle of programming hardware registers, the page table handling code, and the scheduler itself need to be allowed to do their job in peace. It is hard, after all, to imagine a scenario where preempting the scheduler will lead to good things. So a number of places in the kernel cannot be switched from spinlocks to the new mutexes.

The realtime patch attempts to handle these cases by creating a new _spinlock_t type, which is just the old spinlock_t under a newer, uglier name. The spinlock primitives have been renamed in the same way (e.g. _spin_lock()). Code which truly needs an old-style spinlock is then hacked up to use the new names, and it functions as before. In some files the developers were instead able to include <linux/spin_undefs.h>, which restores the old functionality under the old names. The header file rightly describes this technique as "a dirty, dirty hack." But it does make the patch smaller.

Needless to say, the task of sifting through every lock in the kernel to figure out which ones cannot be changed to mutexes is a long and error-prone process. In fact, the job is nowhere near complete, and the MontaVista patch is, by its authors' admission, marginally stable on uniprocessor systems, unstable on SMP systems, and unrunnable on hyperthreaded systems. But you have to start somewhere.

Ingo's fully preemptible kernel

Ingo Molnar liked that start, but had some issues with it. So he went off for two days and created a better version, which has been folded into his "voluntary preemption" series of patches. Ingo takes the same basic approach used by the MontaVista patch, but with some changes:

  • The PMutex patch is not used; instead, Ingo uses the existing kernel semaphore implementation. His argument is that semaphores work on all architectures, while PMutexes currently only work on x86. It would be better to hack priority inheritance into the existing semaphores, and thus make it available to all of the current semaphore users as well as those converted over from spinlocks. Ingo's patch does not currently implement priority inheritance, however.

  • Through some preprocessor trickery, Ingo was able to avoid changing all of the spinlock calls. Preserving "old style" spinlock behavior is simply a matter of changing the type of the lock to raw_spinlock_t and, perhaps, changing the initialization of the lock. The actual spin_lock() and related calls do the right thing with either a "raw" spinlock or a new semaphore-based mutex. Think of it as a sort of poor man's polymorphic lock type.

  • Ingo found a much larger set of core locks which must use the true spinlock type. This was done partly through a set of checks built into the kernel which complain when the wrong type of lock is being used. With Ingo's patch, some 90 spinlocks remain in the kernel (in comparison, MontaVista preserved about 30 of them). Even so, thanks to the reworked locking primitives, Ingo's patch is much smaller than the MontaVista patch.

Ingo would like to reduce the number of remaining spinlocks, but he warns that a number of "core infrastructure" changes will be required first. In particular, code using read-copy-update must continue to use spinlocks for now; allowing code which holds a reference to an RCU-protected structure to be preempted would break one of the core RCU assumptions. MontaVista has apparently taken a stab at the RCU issue, but does not yet have a patch which they are ready to circulate.

Ingo continues to post patches at a furious rate; things are evolving quickly on this front.

RTAI/Fusion

Meanwhile, the real realtime people point out that none of this work provides deterministic, quantifiable latencies. It does help to reduce latency, but it cannot provide guarantees. A "realtime" system without latency guarantees may be suitable for a number of tasks, but it still isn't up to the challenge of running a nuclear power plant, an airliner's flight management system, or an extra-fast IRC spambot. If it absolutely, positively must respond within a few microseconds, you need a real realtime system.

There are two longstanding Linux projects which are intended to provide this sort of deterministic response: RTLinux and RTAI. There is the obligatory bad blood between the two, complicated by a software patent held by the RTLinux camp.

The RTLinux approach (and the subject of the patent) is to put the hardware under the control of a small, hard realtime system, and to run the whole of Linux as a single, low-priority task under the realtime system. Access to the realtime mode is obtained by writing a kernel module which uses a highly restricted set of primitives. Channels have been provided for communicating between the realtime module and the normal Linux user space. Since the realtime side of the system controls the hardware and gets first claim on its resources, it is possible to guarantee a maximum response time.

RTAI initially used that approach, but has since shifted to running under the Adeos kernel. Adeos is essentially a "hypervisor" system which runs both Linux and a real-time system as subsidiary tasks, and allows the two to communicate. It allows a pecking order to be established between the secondary operating systems so that the realtime component can respond first to hardware events. This approach is said to be more flexible and also to avoid the RTLinux patent. Working with RTAI still requires writing kernel-mode code to handle the hard realtime part of the task.

In response to the current discussion, Philippe Gerum surfaced with an introduction to the RTAI/Fusion project. This project, which is "a branch" of the RTAI effort, is looking for a middle ground between the low-latency efforts and the full RTAI mode of operation; its goal is to allow code to be written for the Linux user space, with access to regular Linux facilities, but still being able to provide deterministic, bounded response times. To this end, RTAI/Fusion provides two operating modes for realtime tasks:

  • The "hardened" mode offers strict latency guarantees, but programs must restrict themselves to the services provided by RTAI. A subset of Linux system calls are available as RTAI services, but most of them are not.

  • When a task invokes a system call which cannot be implemented in the hardened mode, it is shifted over to the secondary ("shielded") scheduling mode. This mode is similar to the realtime modes implemented by MontaVista and Ingo Molnar; all Linux services are available, but the maximum latency may be higher. The RTAI/Fusion shielded mode defers most interrupt processing while the realtime task is running, which is said to improve latency somewhat.

Processes may move between the two modes at will.

The end result is a blurring of the line between regular Linux processes and the hard realtime variety. Developers can select the mode which best suits their needs while running under the same system, and they can use different modes for different phases of a program's execution. RTAI/Fusion might yet succeed in the task of combining a general-purpose operating system with hard realtime operation.

In conclusion...

Whether any of the work described here will make it into the mainline kernel is another question. The preemptible kernel patch, which was far less ambitious, has still not been accepted by many developers. Removing most spinlocks and making the kernel fully preemptible will certainly be an even harder sell. It is an intrusive change which could take some time to stabilize fully. If a fully-preemptible, closer-to-realtime kernel does pass muster with the kernel developers, it may well be the sort of development that finally forces the creation of a 2.7 branch.

Another challenge will be building a consensus around the idea that the mainline kernel should even try to be suitable for hard realtime tasks. The kernel developers are, as a rule, opposed to changes which benefit a tiny minority of users, but which impose costs on all users. Merging intrusive patches for the sake of realtime response looks like that sort of change to many. Before mainline Linux can truly claim to be a realtime system, the relevant patches will have to prove themselves to be highly stable and without penalty for "regular" users.


Four-level page tables

Most Linux users probably have a sufficiently interesting life that they spend little time imagining how page tables are represented in the kernel. Many of those who do ponder on that issue may think in terms of a linear array which maps virtual addresses onto their corresponding physical addresses. This view of page tables is enough to understand the basic function that they perform, but the real situation is more complicated than that.

A single array large enough to hold the page table entries for a single process would be huge. On a typical x86 system, a page table entry requires 32 bits, so 1024 of them (covering 4MB of virtual address space) can be stored in one page. If the virtual address space is 3GB (as it is on many x86 systems), 768 pages would be required to hold all of the page table entries. Allocating that much contiguous memory (for each process) would be impossible, even if that sort of memory overhead were tolerable.

The fact is that most processes only use a small portion of the total virtual address space - but the parts they use are widely scattered over that space. Program text lives down near the bottom, heap memory and dynamic libraries are distributed throughout the middle, and the stack is put up at the very top. So the real page table structure must handle a sparse, widely distributed set of virtual addresses without wasting excessive amounts of memory or requiring large, physically-contiguous arrays.

To that end, modern processors which use page tables use a hierarchical, tree structure. This structure allows the table to be broken up into individual pages, and the subtrees corresponding to unused parts of the address space can be absent. The Linux kernel works with a three-level structure which looks like this:

[Page table tree]

On an x86 system running in the PAE mode (only needed when more than 4GB of memory is installed), all three levels of page tables are present. The page global directory (PGD) contains only four entries, each corresponding to 1GB of virtual address space; the PGD is indexed using the top two bits of the virtual address. Each PGD entry points to a page middle directory (PMD), which holds 512 entries indexed by bits 21-29 of the virtual address. The PMD entry (if it is not empty) points to an actual page table. Using bits 12-20 of the virtual address to index into that page table yields the actual physical address of the page, assuming that page is currently resident in RAM.

The current 2.6 kernel implements a three-level page table for all architectures. As it turns out, the bulk of x86 systems will not be running in the PAE mode; on those systems, the hardware only supports two levels of page tables. The PGD holds 1024 entries (bits 22-31), each of which points to a 1024-entry page table (bits 12-21). For the benefit of the rest of the kernel, the page table access functions are set up to emulate the existence of a single-entry PMD, so these systems still appear to use a three-level page table.

The three-level design is wired deeply into the kernel. Any code which must manually map a virtual address into its physical counterpart must do something like this (error handling and other details omitted):

	pmd = pmd_offset(pgd, address);       /* middle directory entry for this address */
	pte = *pte_offset_map(pmd, address);  /* leaf page table entry (unmapped again after use) */
	page = pte_page(pte);                 /* struct page for the resident physical frame */

Similarly, any kernel function which affects a range of virtual addresses must implement a depth-first traversal of the relevant portion of the three-level tree. Most of these traversals of the page table tree have been isolated behind functions, but it is still surprising how many places are coded around the three-level assumption. But it all works fine, since the architecture-specific code makes it look like all systems have three-level page tables.

The only problem is that some hardware actually supports four-level tables. The example which is driving the current changes is x86-64. The current x86-64 port emulates a three-level architecture by using a single, shared, top-level directory ("PML4") and fitting (most of) the virtual address space in a three-level tree pointed to by a single PML4 entry. It all works, but it limits Linux processes to a mere 512GB of virtual address space. Such limits are irksome to the kernel developers when the hardware can do more, and, besides, somebody is likely to release a web browser or office suite which runs into that limit in the near future.

The solution is to shift the kernel over to using four-level page tables everywhere, with the fourth level emulated (and optimized out of existence) on architectures which do not support it. Andi Kleen has posted a four-level page tables patch which implements this change. With Andi's patch, the x86-64 architecture implements a 512-entry PML4 directory, 512-entry PGD, 512-entry PMD, and 512-entry PTE. After various deductions, that is sufficient to implement a 128TB address space, which should last for a little while.

The actual patch works as one might expect; code which currently handles three-level page tables is extended to deal with the fourth level. There is a default PML4 implementation which can be included by architectures which do not have four-level tables; that should make porting most architectures to the new scheme relatively easy. That work is likely to happen in the near future, after which Andi has stated his intention to get the four-level patch merged into the -mm tree. Andrew Morton has already said (at the kernel summit) that he would consider merging such a patch. Your Linux system may be running with four-level page tables in the near future.
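As an added example (not kernel code, and not Andi Kleen's patch), here is a small user-space model of the page table structures described in this article. A layout table records how many index bits each level consumes, so the same function splits a virtual address the way the hardware does for non-PAE x86 (10/10 bits), PAE x86 (2/9/9 bits) and four-level x86-64 (9/9/9/9 bits); the address-span function reproduces the figures quoted above (4MB per non-PAE PGD entry, 1GB per PAE PGD entry, 512GB per PML4 entry, which is the limit the three-level x86-64 emulation runs into). The sparse tree uses the x86-64 layout and allocates a 512-entry table only for each path actually used, which is what lets three widely scattered pages cost nine tables instead of an array covering the whole range. The addresses and frame numbers are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Added example (not kernel code): a software model of the hierarchical page
 * tables described above.  A layout lists the index width of each level, top
 * level first; the sparse tree below uses the four-level x86-64 layout. */
#define PAGE_SHIFT 12
#define PAGE_MASK  ((1ull << PAGE_SHIFT) - 1)
#define LEVELS     4
#define ENTRIES    512  /* 9 index bits per level on x86-64 */

struct layout { const char *name; int levels; int bits[4]; };
static const struct layout x86_2level    = { "x86 (no PAE)", 2, { 10, 10 } };
static const struct layout x86_pae       = { "x86 PAE",      3, { 2, 9, 9 } };
static const struct layout x86_64_4level = { "x86-64",       4, { 9, 9, 9, 9 } };
/* Number of address bits below the table at `level` (0 = top). */
static int pt_shift(const struct layout *l, int level)
{
    int shift = PAGE_SHIFT;
    for (int i = l->levels - 1; i > level; i--) shift += l->bits[i];
    return shift;
}
/* Index into the table at `level` for virtual address va. */
static unsigned pt_index(const struct layout *l, uint64_t va, int level)
{
    return (unsigned)((va >> pt_shift(l, level)) & ((1ull << l->bits[level]) - 1));
}
/* Bytes of virtual address space covered by one entry at `level`. */
static uint64_t entry_span(const struct layout *l, int level)
{
    return 1ull << pt_shift(l, level);
}

/* One table of the sparse tree: interior levels use child[], the leaf level
 * stores page frame numbers in pfn[] (0 = not present). */
struct node { struct node *child[ENTRIES]; uint64_t pfn[ENTRIES]; };
static int tables_allocated;
static struct node *new_table(void)
{
    struct node *n = calloc(1, sizeof *n);
    if (!n) { perror("calloc"); exit(1); }
    tables_allocated++;
    return n;
}

/* Map va -> pfn, allocating only the tables on this one path. */
static void pt_map(struct node *root, uint64_t va, uint64_t pfn)
{
    struct node *n = root;
    for (int level = 0; level < LEVELS - 1; level++) {
        unsigned i = pt_index(&x86_64_4level, va, level);
        if (!n->child[i]) n->child[i] = new_table();
        n = n->child[i];
    }
    n->pfn[pt_index(&x86_64_4level, va, LEVELS - 1)] = pfn;
}

/* Walk one address down the tree: 0 on success, -1 if any level is absent. */
static int pt_lookup(const struct node *root, uint64_t va, uint64_t *pa)
{
    const struct node *n = root;
    for (int level = 0; level < LEVELS - 1; level++) {
        n = n->child[pt_index(&x86_64_4level, va, level)];
        if (!n) return -1;
    }
    uint64_t pfn = n->pfn[pt_index(&x86_64_4level, va, LEVELS - 1)];
    if (!pfn) return -1;
    *pa = (pfn << PAGE_SHIFT) | (va & PAGE_MASK);
    return 0;
}

static void pt_free(struct node *n, int level)
{
    for (int i = 0; level < LEVELS - 1 && i < ENTRIES; i++)
        if (n->child[i]) pt_free(n->child[i], level + 1);
    free(n);
}

/* Translate va through a demo tree holding three scattered pages (constructed
 * text, heap and stack addresses).  Returns the physical address, or UINT64_MAX
 * for a fault; *ntables receives the number of tables the tree needed. */
static uint64_t demo_translate(uint64_t va, int *ntables)
{
    tables_allocated = 0;
    struct node *root = new_table();
    pt_map(root, 0x400000ull, 0x1234);
    pt_map(root, 0x1000000000ull, 0x2345);
    pt_map(root, 0x7fffffffe000ull, 0x3456);
    uint64_t pa = UINT64_MAX;
    if (pt_lookup(root, va, &pa) != 0) pa = UINT64_MAX;
    if (ntables) *ntables = tables_allocated;  /* nine: root + 3 + 2 + 3 */
    pt_free(root, 0);
    return pa;
}

int main(void)
{
    int ntables;
    uint64_t pa = demo_translate(0x7fffffffe000ull, &ntables);
    printf("PAE split of 0xBFFFF000: %u/%u/%u; one PGD entry = %llu MB\n",
           pt_index(&x86_pae, 0xBFFFF000ull, 0), pt_index(&x86_pae, 0xBFFFF000ull, 1),
           pt_index(&x86_pae, 0xBFFFF000ull, 2), (unsigned long long)(entry_span(&x86_pae, 0) >> 20));
    printf("x86-64 demo: %d tables; 0x7fffffffe000 -> 0x%llx\n", ntables, (unsigned long long)pa);
    return 0;
}
```

The two levels the article says are emulated (the single-entry PMD on non-PAE x86, the single PML4 entry on today's x86-64) correspond here to a layout with one fewer level; the lookup code does not change, only the layout does, which is the property Andi's default PML4 implementation relies on.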


InfiniBand: a proprietary standard?

Greg Kroah-Hartman recently expressed some concerns about the InfiniBand specification. It seems that, if you are not a member of the InfiniBand Trade Association, a copy of the specification will cost $9500 - and it requires signing a license which reads:

Upon receipt by IBTA of payment for a single copy license to the Specification, you are entitled to possess one physical copy of the Specification in the form provided to you by IBTA, and to make internal, noncommercial use of the Specification within your organization.

Such language raises the obvious question: how can anybody write or distribute a free InfiniBand implementation after having signed that sort of license? Things get worse when one looks at the IBTA membership agreement (PDF):

When the member or its Affiliates makes a Contribution or when the Steering Committee adopts and approves for release a Specification, the Member and its Affiliates hereby agree to grant to other members and their affiliates under reasonable terms and conditions that are demonstrably free of any unfair discrimination, a nonexclusive, nontransferable, worldwide license under its Necessary Claims to allow such Members to make, have made, use, import, offer to sell, lease, and sell and otherwise distribute Compliant Portions ....

The Member and its Affiliates retain the independent right to grant or withhold a nonexclusive license or sublicense of patents containing Necessary Claims to non-Members on such terms as the Member may determine.

(Emphasis added). The InfiniBand standard, in other words, is allowed to contain patented technology, only IBTA members must be given the opportunity to license any patented technology, and only under "reasonable terms and conditions." If said "reasonable terms and conditions" included the right to distribute code under a free license, one would assume those who wrote the agreement would have seen fit to say so.

The end result is that InfiniBand looks like a closed, proprietary standard, and not something which can be supported in free software. Greg asked, flat out:

So, OpenIB group, how do you plan to address this issue? Do you all have a position as to how you think your code base can be accepted into the main kernel tree given these recent events?

In response, there have been some "we don't think it's a problem" mumblings, but nothing that looks like a real answer to this question. Until this all gets straightened out, anybody considering using InfiniBand with free software may well want to think about alternatives.


Patches and updates

Kernel trees

Andrew Morton: 2.6.9-rc4-mm1
Andrew Morton: 2.6.9-rc3-mm3
Marcelo Tosatti: Linux 2.4.28-pre4

Architecture-specific

Core kernel code

Development tools

Device drivers

Filesystems and block I/O

John McCutchan: inotify 0.13
John McCutchan: inotify 0.13.1

Memory management

Security-related

Miscellaneous

Greg KH: udev 034 release
Andries Brouwer: man-pages-1.68 released
Christophe Varoqui: multipath-tools-0.3.1

Page editor: Jonathan Corbet

Distributions

News and Editorials

A First Look at Specifix Linux

October 13, 2004

This article was contributed by Ladislav Bodnar

With new Linux distributions being created just about every week, very few of them end up making headlines on Linux news sites. Specifix Linux, first announced in July this year, was different for two reasons. Firstly, it was founded by well-known former executives at Red Hat, Inc. - Erik Troan and Kim Knuttila, and joined by two more ex-Red Hat software engineers - Michael K. Johnson and Matt Wilson. Secondly, Specifix Linux was to be built around a new package management system, called "Conary".

Upon hearing the words "new package management", many readers will probably react with an "oh, no - not another one", fearing further incompatibilities and fragmentation in a market already split between RPMs, DEBs, TGZs, ebuilds, and many other "novel" ideas. But the fact that Conary was being coded by several high-profile developers, with extensive experience in helping to build Red Hat Linux, did arouse more than just slight curiosity among many Linux users. After all -- and let's be honest about it -- the RPM package manager was created in 1995, when it was a radical idea that helped Red Hat gain converts from the then dominant Slackware Linux, but is it still the best we have, some nine years later? Isn't there a better, more universal way of managing software on a Linux distribution?

Enter the world of Specifix Linux and Conary. Since the original announcement, the project has been moving along at a rapid pace, producing new ISO images on a (more or less) weekly basis. The latest version of Specifix Linux is 0.11, complete with a graphical installer (Anaconda) and inclusive of Linux kernel 2.6.8, X.org 6.8.0, GNOME 2.8 and the usual range of software packages on two CDs, with more available on the distribution's FTP repository. At first sight, there isn't much unusual about this distribution - that's until one starts examining its star application: Conary.

In the words of its developers, Conary is a distributed software management system for Linux distributions meant to replace traditional package management solutions (such as RPM and dpkg). It operates around two principal characteristics - shadows and changesets. Shadows provide a simple way of maintaining customizations in applications and libraries that change often - a common feature of most open source work these days. While in the traditional package management model, any newly introduced package version would have to have any customizations manually applied after each upgrade, shadows allow for individual maintenance of the original package, and its customization. This is done by keeping the customization as a separate component of the "Conary package", or "trove" in Conary-speak, together with other components, instead of merging all customizations into the package itself.

The above process is further facilitated by the use of changesets. In a traditional package management system, any package upgrade will mean that all files present in the original package will be replaced with files in the upgraded package, irrespective of whether the files have changed or not. This represents unnecessary overhead in terms of hard disk storage, processor use, and, if the upgraded package is fetched from a remote repository, bandwidth use. On the other hand, the concept of changesets, as implemented in Conary, merely fetches and upgrades those files that have been modified upstream. An interesting indication of this feature's intelligent design is the fact that the changesets are not cached on the Specifix FTP server, but rather generated dynamically with every remote request, depending on the version of the package already installed on the system and the desired version of the upgraded package.

The concepts of shadows and changesets are not particularly easy to explain in a couple of paragraphs, but further understanding can be gained from white papers published by Specifix and available in PDF formats on the Specifix Wiki pages. Additionally, investigating the structure of troves and their components within conary-gui (a GTK2-based graphical frontend for conary, see screenshot) will further clear things up. However, it is important to stress that much of these technical details will only be relevant to developers and system administrators, rather than end users of the distribution. [Editor's note: see also LWN's description of Conary from last July.]

Despite the many sound concepts and rapid development progress, Specifix Linux is still in alpha. The code powering Conary has not been optimized for speed and, in its current state, it feels sluggish, especially when using its GUI frontend. It also lacks essential features found in other graphical package management tools (Conectiva's Synaptic comes to mind), such as package searches, remote repository definitions, listings of dependencies, etc. These will likely be added in time, but right now the application feels rather bare-bones.

Once you start comprehending the basic concepts of Specifix Linux, it is easy to understand the company's sales line, which revolves around the term "customization". While users of other enterprise distributions are often unable to customize the purchased software to fit their needs without invalidating the accompanying support contract, with Specifix Linux, and its idea of maintaining all customizations separately from the base product, this is no longer an issue. The customers will maintain their own customizations, while Specifix will continue providing support for the base system. It should be a win-win situation for both parties, at least in theory.


Distribution News

Linux Fun and Entertainment - StartCom MultiMedia Edition

StartCom has released its third Linux distribution - the StartCom MultiMedia Edition. This is targeted at teenage home users and includes various peer-to-peer applications, a multimedia center (Xine), DVD/CD burning tools, and more.


Ubuntu Linux

Ubuntu 4.10 RC -- Codenamed "The Warty Warthog Release" (warty) is now available. "This release candidate contains a snapshot of Ubuntu that the Warty team thinks is ready to release. We believe this release is potentially the final Warty release, and are calling it a Release Candidate to encourage very widespread testing."

Ubuntu is also available as a live CD.


Fedora

Fedora Core 3 test 3 is now available. This is the last planned test release before the final FC3 release. This release provides an opportunity to check the accuracy and completeness of translations, preview Evolution 2.0.1 and GNOME 2.8 and more.

Fedora Core 2 updates:


Debian GNU/Linux

The Debian Weekly News for October 12, 2004 is now available. The debian-installer is now available in 40 languages, there's a look at the 2003 SPI annual report, Debian themes and the updated Developers Reference, and several other topics in this issue.

DebianGis is a recently launched sub-project. "The goal of DebianGis is to create a Custom Debian Distribution oriented to serious Geographical Information Systems (GIS) users and applications."

The developers reference has received some much needed updates recently, including a chapter about l10n, information on wnpp usage, and more.

A recent upgrade of the Z/VM of the S/390 machine caused some problems which will slow down security support for woody and sarge. If you are having problems building S/390 packages, this may provide some answers.

Here's this week's woody update as preparation continues for Debian GNU/Linux 3.0r3.


LinuxQuestions.org Adds Officially Recognized Suse Linux Forum

LinuxQuestions.org has announced (click below) that it now hosts an officially recognized forum for SUSE Linux.


Gentoo Weekly Newsletter 11 October 2004

The Gentoo Weekly Newsletter for the week of October 11, 2004 is out. This week's issue notes that there are now over 100,000 files in Portage; Freescale Semiconductor, Inc., a Motorola company, has donated 10 PegasosPPC desktops to the project; the return of the Turkish GWN; and more.


DistroWatch Weekly, Issue 70

The DistroWatch Weekly for October 11, 2004 features Aurox Linux, and covers Mandrakesoft awards, Ubuntu momentum and more.


Slackware Linux

Those keeping up with slackware-current will have noticed the updated packages this week, including: util-linux, doxygen, guile, gst-plugins, gstreamer, slrn, ImageMagick, udev, getmail, netatalk, fvwm and gaim. Glibc has been updated from CVS. Also, new rsync packages are available for all supported Slackware releases.


Minor distribution updates

2-Disk Xwindow embedded Linux

2-Disk Xwindow embedded Linux has released v1.2.13 binary of its 1 disk product. "Changes: There are lots of updates in this release with the addition of a paint application, a calculator, changes to video mode defaults, and many minor script changes. There were also dependency reductions, fixes for bugs in desktop apps, and window manager enhancements in property change handling. The kernel is now version 2.4.27."


BasicLinux

BasicLinux has released v3.32. "Changes: Major improvements were made to X. AbiWord, Sylpheed, and Xfreecell now work. More space is available in the loop file."


BLAG Linux And GNU

The webserver hosting BLAG Linux was seized by the US government. Details are very sketchy, but it appears that the seizure was related to Indymedia, which was on the same box. BLAG should be back by the time you read this. More information is available at jeblog.


Rock Linux

Rock Linux has jumped on the live CD bandwagon. "The current default package selection uses the minimal-desktop template, which incorporates a full KDE desktop and some other apps like mplayer, xine, etc. Of course this package selection can be altered to fit your needs. In the default configuration the system takes up only about 400 MB, so there's still some space left."


uClinux/Coldfire

Linux/Coldfire has a new uClinux port available for the Motorola Coldfire family of processors, version 20040930. "Changes: The 2.6 series Linux kernel is now used and the source code can be compiled with either GCC 2.95.3 or 3.3-based compilers. Support for C++ applications was improved and excellent PIC support was implemented for reducing memory usage. The whole environment, kernel, and applications are now all very stable. Networking, IP masquerading, and dial-on-demand are working well, and a port of FreeS/WAN IPsec was added. NFS and SMB filesystems are supported and a DHCP client was included in the default network setup."


Distribution reviews

Introduction to Rubyx Linux (OSNews)

OSNews reviews Rubyx. "R is for Ruby: rubyx is one large script written in Ruby (programming language comparable to Python). This script manages all aspects of running the system: installation, configuration, booting, managing services, adding and updating software, and even creating isos. The details of installation for all packages - Rubyx ebuilds, if you like - are small Ruby scripts as well."


SUSE 9.2 Is For Newbies, Laptops (Techtree.com)

Techtree takes a quick look at SUSE LINUX Professional 9.2. "In version 9.2, Suse Linux Professional offers Bluetooth wireless support including automatic recognition of Bluetooth-enabled devices via the YaST central configuration and administration tool. Bluetooth configuration can be easily set up through YaST, and the software also makes it easy to connect to and move between wireless LANs and other network connections. Its advanced power management through ACPI (Advanced Configuration and Power Interface) and suspend-to-disk features also make it easy for laptop users who require the increased mobility this affords."


Page editor: Rebecca Sobol

Development

The Nvu Web Authoring System

Nvu (pronounced N-view) is a graphical web authoring application from Linspire. Nvu is intended to be an open-source alternative to Microsoft FrontPage and Macromedia Dreamweaver, designed for the non-technical user. It is an open-source project; the code has been released under an MPL/LGPL/GPL tri-license. Daniel Glazman, the chief architect for Mozilla Composer, has been contracted by Linspire to be the lead developer and maintainer for the Nvu project. Nvu is based on the Mozilla Composer code and relies on the Gecko layout engine for rendering HTML.

The main features of Nvu include:

  • WYSIWYG web page editing.
  • Creation of HTML code that works with most popular web browsers.
  • Tabbed editing for working on multiple pages simultaneously.
  • Independent undo/redo stacks for each tabbed window.
  • HTML form, table, and template support.
  • Support for Stylesheets.
  • Integrated FTP file management for working remotely from the web server.
  • An Nvu Site Manager GUI for managing web files and directories.
  • A Color Picker GUI for visually selecting colors.
  • A user-customizable toolbar for adding shortcuts.
  • Extensibility via JavaScript add-ons.
  • Support for calling the W3C's HTML validator.
  • Support for the XHTML Friends Network (XFN).
Version 0.5 of Nvu was announced this week: "It includes several enhancements in addition to: syntax highlighting, inbuilt spell checker, better horizontal and vertical rulers, Bidi control, smaller windows installer (6.5MB), etc."

The Nvu project FAQ explains the project in more detail. As with most GUI software, the screenshots reveal much of what the underlying code has to offer.

Linspire is planning on merging Nvu back into the main Mozilla CVS tree. The source code and a few binary distributions of Nvu are available here. It should be noted that the installation process for the binary tar file distributions is not well documented. A standard README file would be welcomed, as would .deb and .rpm files.

Comments (1 posted)

System Applications

Audio Projects

Planet CCRMA Changes

The latest changes from the Planet CCRMA audio utility packaging project include new versions of Qsynth, Qjackctl, ZynAddSubFX, Phat, and Specimen. Also, there is a new In the pipeline page that chronicles the project development.

Comments (none posted)

Database Software

libgda/libgnomedb 1.1.99 released

Version 1.1.99 of libgda/libgnomedb, a framework for developing database-oriented applications on GNOME, is out with lots of changes and bug fixes.

Full Story (comments: none)

PostgreSQL Weekly News

The PostgreSQL Weekly News for October 11, 2004 is available with the week's PostgreSQL database articles.

Full Story (comments: none)

ZODB 3.3 final released

Final version 3.3 of ZODB, the Zope Object Database, is out. "Since 3.3c1, some small fixes were made on code paths unique to Zope 2.8 usage (code not used by Zope X3, Zope 3, or by ZODB itself). And thanks to a 1-character change noted by Andreas Jung, the sizes of network messages exchanged between ZEO clients and servers are smaller now, up to a factor of 4 improvement in extreme cases."

Full Story (comments: none)

Embedded Systems

uClinux as an Embedded OS on a DSP (Linux Journal)

Michael and Juergen Hennerich explore the use of uClinux on a DSP platform in a Linux Journal article. "A uClinux Blackfin Processor development environment consists of the GNU Compiler Collection (GCC cross compiler) and the binutils (linker, assembler and so on) for the Blackfin Processor. Additionally, some GNU tools such as awk, sed, make and bash, plus Tcl/Tk are needed, although they usually come as part of basic desktop Linux distributions."

Comments (6 posted)

Libraries

GLib 2.4.7 released

Version 2.4.7 of GLib, a low-level core library for GTK+ and GNOME, is out with bug fixes, documentation updates, and improved translations.

Full Story (comments: none)

liboggz 0.8.5 Released

Version 0.8.5 of liboggz, a library for reading and writing Ogg files and streams, is out. Changes include the new oggzmerge tool, the OggzReadPage API, seeking improvements, a seek-stress example program, bug fixes, and more.

Full Story (comments: none)

Web Site Development

Quixote 1.2 released

Version 1.2 of Quixote, a web content management framework, is out. The CHANGES file lists one bug fix.

Comments (none posted)

Zope X3 3.0.0 RC 2 released

The second release candidate for Zope X3 3.0.0 is out with bug fixes. "Zope X3 is the next major Zope release and has been written from scratch based on the latest software design patterns and the experiences of Zope 2. The "X" in the name stands for "experimental", since this release does not try to provide any backward-compatibility to Zope 2."

Full Story (comments: none)

ZopeMag Weekly News

Issue #44 of the ZopeMag Weekly News is online with the latest Zope and Plone news.

Comments (none posted)

Google Your Site For Security Vulnerabilities (O'Reilly)

Nitesh Dhanjani uses Google to uncover web site vulnerabilities. "If Google stumbles across data that may expose sensitive information about your organization, Google will not hesitate to index it. The search engine does not discriminate against data it indexes. How can you tell if your secrets have gone public? You can use Google to your advantage with some specific search queries."

Comments (3 posted)

Desktop Applications

Audio Applications

QjackCtl 0.2.12 released!

Version 0.2.12 of QjackCtl, the Qt/GUI frontend for the JACK Audio Connection Kit, is out. Changes include display effect toggling changes, usx2y driver support, scaled connections/patchbay icons, new setup options, bug fixes, and more.

Full Story (comments: none)

Calendar Software

Calendar and Sunbird Help Project Launched (MozillaZine)

MozillaZine has an announcement for the new CalendarHelp project. "Users of Mozilla Calendar and Sunbird, the standalone calendar, may be interested in the new CalendarHelp project at mozdev.org. Launching this week with a prototype for Sunbird only, the new project aims to provide end-user help for all Calendar's versions, platforms and languages. Expect to see prototypes for Thunderbird, Firefox and Mozilla Application Suite over the coming weeks. The project is currently looking for writers, reviewers and translators to contribute to the content."

Comments (none posted)

Desktop Environments

KDE 3.3.1 released

The KDE Project has released KDE 3.3.1. This is a maintenance and bugfix release; there are not many new features. The KDE 3.3.1 changelog has the details.

Comments (1 posted)

KDE-CVS-Digest (KDE.News)

The October 8, 2004 edition of the KDE-CVS-Digest is online, here's the content summary: "KSpread improves Gnumeric export filter. Krita adds a crop tool. Kexi adds database command line options. gmail.google.com now works in Konqueror. Kicker clock supports NTP. Whither DBUS and KDE?"

Comments (none posted)

Thesis about Kolab, Task Juggler IDE, Helix-Qt, Blast from the Past (KDE.News)

A new KDE Quickies article looks at Kolab, Task Juggler IDE, Helix-Qt, and more.

Comments (none posted)

Desktop Publishing

JabRef 1.55 released (SourceForge)

Version 1.55 of JabRef, a BibTeX database GUI application, has been announced. "Highlights include (configurable) preview with and without abstract, remote Medline search, CiteSeer support, a new dialog for easily creating entries from plain text, a new panel for the Abstract in the entry editor, and numerous usability improvements. And, as usual, many bug fixes."

Comments (none posted)

Electronics

Open Collector Releases

The latest new electronics applications on Open Collector include Oregano 0.3.2, GRLIB IP Library Beta 0.11, and Icarus Verilog 20041004.

Comments (none posted)

Financial Applications

jPOS 1.4.8 has been released (SourceForge)

Version 1.4.8 of jPOS has been released. "jPOS is a Java[tm] based financial transaction library/framework that can be customized and extended in order to implement financial interchanges. This new version represents over a year of hard work that includes bugfixes, performance tuning, new components, new TransactionManager framework, etc."

Comments (none posted)

Games

EntityForge 0.2.1 released

Version 0.2.1 of EntityForge, a 3D graphical media display, animation and manipulation tool, has been released. Changes include an improved model part selection UI and a new md3 loader.

Comments (none posted)

gnome-games 2.8.1 is out

Version 2.8.1 of gnome-games is available. "There are no new features, merely bug fixes and translation updates. Unless you are experiencing problems there is no need to upgrade."

Full Story (comments: none)

GUI Packages

GTK+ 2.4.13 released

Version 2.4.13 of GTK+ is out. "This is a bug fix release and is source and binary compatible with 2.4.0. This quick release was necessary to fix some size allocation problems in 2.4.11."

Full Story (comments: none)

Gtk2-Perl 2.8.1 is out

Stable version 2.8.1 of Gtk2-Perl, the Perl bindings to GTK+, is out. Changes include code cleanup, build fixes, documentation improvements, and more.

Full Story (comments: none)

wxWidgets 2.5.3 is out

Version 2.5.3 of wxWidgets, a multi-platform GUI toolkit, has been released. "This is an unstable development snapshot, for people interested in the new features in the development branch and prepared to put up with glitches that may not occur in the stable release."

Comments (none posted)

Interoperability

Wine Traffic

The October 8, 2004 edition of Wine Traffic is available with the latest Wine project news.

Comments (none posted)

Multimedia

GStreamer 0.8.7 released

Stable version 0.8.7 of GStreamer, a streaming multimedia framework, is out with bug fixes.

Full Story (comments: none)

Music Applications

QSynth 0.2.2 released

Version 0.2.2 of QSynth, a Qt/GUI frontend for Fluidsynth, is out with numerous changes and bug fixes.

Full Story (comments: none)

Office Applications

Gnumeric 1.3.91 announced

Version 1.3.91 of the Gnumeric spreadsheet is available. "I would have liked to characterise this as just stabilisation release, but there is more in here than bug fixes. Yaacov Zamir and Morten cleared out lots of old code and synced the cell printing to use the same pango generation we used for display. While that was going on Emmanuel added some nice eye candy to the plots, grid lines. I was surprised by how much they add to the charts. The docs are also shaping up nicely. Adrian could probably use some editorial/proofreading help folks."

Full Story (comments: none)

gcalctool v4.4.20 announced

Stable version 4.4.20 of gcalctool, the default GNOME desktop calculator, is out. This release coincides with GNOME 2.8.1 and adds some translation updates.

Full Story (comments: none)

Office Suites

OpenOffice.org Is Four Today

OpenOffice.org is celebrating its fourth birthday. "Tens of millions use the application daily; millions visit the project website monthly; thousands contribute to the project. There have been at least 31 million downloads since the project began--and that is not counting the millions registered by Red Hat, SuSE, or Mandrake Linux, which include OpenOffice.org in their distributions."

Full Story (comments: 6)

Web Browsers

Epiphany 1.4.3 released

Version 1.4.3 of the Epiphany browser has been released; it contains bug fixes. Epiphany 1.4.4 was also announced this week, with more bug fixes.

Full Story (comments: none)

Miscellaneous

Dowser version 0.26 released (SourceForge)

Version 0.26 of Dowser, a multi-platform web search assistant, has been released. "Version 0.26 brings editable search filters such as "no shopping" and "no blogs". This version adds Teoma to the search engine list; there is also a working German translation. Added options to allow remote clients."

Comments (none posted)

GNOME CPU Frequency Scaling Monitor 0.3.1

Version 0.3.1 of the GNOME CPU Frequency Scaling Monitor is available with bug fixes.

Full Story (comments: none)

The Latex Beamer Class Version 3.00 is out (SourceForge)

Version 3.00 of the LaTeX beamer class, a class for creating video projector presentations, is available. "Most importantly, this new version comes with a very much improved theming mechanism. You can now change every aspect of your presentation easily and independently of everything else."

Comments (none posted)

PasswordSafe 2.06 released (SourceForge)

Version 2.06 of PasswordSafe has been released. "Password Safe is a password database utility. Users can keep their passwords securely encrypted on their computers. A single Safe Combination unlocks them all. This release has some nice new features, and a few minor bug fixes."

Comments (1 posted)

Languages and Tools

Caml

Caml Weekly News

The Caml Weekly News for October 5-12, 2004 is online with the latest Caml language information.

Full Story (comments: none)

Java

Using the ASM Toolkit for Bytecode Manipulation (O'ReillyNet)

Eugene Kuleshov introduces the ASM Toolkit on O'Reilly. "ASM is making inroads in the Java bytecode manipulation community--it's used by Groovy, AspectWerkz, BeanShell, and others--because of its light weight and good performance."

Comments (none posted)

Bridging the Gap: J2SE 5.0 Annotations (O'ReillyNet)

Kyle Downey explores Annotations in an O'Reilly article. "Annotations, a means of providing your own metadata for your code, are among the major features of J2SE 5.0, but you don't have to move to 5.0 to use them. Kyle Downey introduces annotations and their implementation in several Java 1.4-compatible forms."

Comments (none posted)

Ease Swing development with the TableModel Free framework (IBM developerWorks)

Michael Abernethy explores the TableModel Free framework on IBM developerWorks. "This article introduces the TableModel Free (TMF) framework which eliminates the need to use TableModels with Swing JTables. The TMF framework allows for more configurable JTables by moving all of table-specific data outside of the compiled code and into a configurable XML file. Framework developer and Java UI enthusiast Michael Abernethy walks you through TMF framework, helping you reduce the size of a TableModel from hundreds of lines of code to just a single line, making management a snap."

Comments (none posted)

Perl

Parrot 0.1.1 released! (use Perl)

Version 0.1.1 of Parrot has been announced. Changes include initial Python support, improved PIR syntax, reworked dynamic loading, library improvements, IA64 and hppa JIT support, bug fixes, and more.

Comments (none posted)

This Week on perl5-porters (use Perl)

This Week on perl5-porters for September 25 - October 3, 2004 has been published. Here's the content summary: "The new P5P summarizer is Scott Lanning. Read on for his latest summary, which is, in fact, his second one. In order to catch up with the Perl 5 development, he also wrote a summary for the month of September."

Comments (none posted)

This Week on perl5-porters (use Perl)

The October 10, 2004 edition of This Week on perl5-porters is online with the following content summary: "New week, new summary, from the hands of our newly recruited summarizer. This time, thoughts on cross-compilation, threads, BSD, scary internals stuff, and other things."

Comments (none posted)

Python

Dr. Dobb's Python-URL!

The October 11, 2004 edition of Dr. Dobb's Python-URL! is out with the week's Python article links.

Full Story (comments: none)

S

Statistical programming with R: Part 2 (IBM developerWorks)

IBM developerWorks looks at finding and analyzing anomalies using R. "True to its functional programming heritage, you can do most everything you want to do in R using plain declarative statements. Two features of R make imperative flow control superfluous in most cases. In the first place, you have already seen that most operations on collection objects work elementwise. There is no need to manually loop through a vector of data to do something to its elements, as you can simply do something to all the elements of a vector..."

Comments (none posted)

Tcl/Tk

Dr. Dobb's Tcl-URL!

Dr. Dobb's Tcl-URL! for October 11, 2004 is out with the week's Tcl/Tk news and resources.

Full Story (comments: none)

XML

Discover the flexibility of Schematron abstract patterns (IBM developerWorks)

Uche Ogbuji digs into Schematron on IBM developerWorks. "If you have the basics of an XML format in mind, but know that you will not be able to get everyone at the table to agree to every detail of the schema, consider Schematron abstract patterns. Schematron is probably the most powerful XML schema language available (and it can be much more than just a schema language). Its advanced features, especially abstract patterns, allow for schemata that you can quickly adapt to multiple variants of XML formats. This opens up extraordinary possibilities for XML schema, including the abilities to restrict XML formats and to make them generic and adaptable as well."

Comments (none posted)

Not Evil, Just Smelly (XML.com)

Edd Dumbill discusses Ted Nelson's XML is Evil essay on O'Reilly. "Nelson's article argues that inline markup, such as SGML and XML, is problematic. His alternative model comprises three layers: content, structure, and presentation. This is not coincidentally the model used by Xanadu, the hypertext system designed by Nelson and others. Xanadu's hypertext model is a closed world, where links never break, supporting copyright and version-management features. It sounds ideal. It is also widely unimplemented."

Comments (none posted)

Editors

gedit 2.8.1 released

Version 2.8.1 of gedit, the official text editor for the GNOME environment, is out. Changes include bug fixes and more.

Full Story (comments: none)

GHex 2.8.0 released

Version 2.8.0 of GHex, a hexadecimal editor, has been released. "A rather large number of bugs has been squashed since 2.6.1, the preferences dialog's "Help" button now works, entry fields in dialogs are checked for sanity more strictly, handling of URIs when doing drag'n'drop has been fixed and the UI has been polished a bit." The find and replace dialog has also been improved.

Full Story (comments: none)

IDEs

Treebeard version 0.9.0 released (SourceForge)

Version 0.9.0 of Treebeard, a cross-platform XSLT IDE written in Java, has been released. "This latest version has a major UI overhaul and also includes the BSH bean shell for your scripting pleasure".

Comments (none posted)

Page editor: Forrest Cook

Linux in the news

Recommended Reading

Open-sourcing accelerates Open-Xchange development (News.com)

News.com reports on benefits that Netline reaped from open-sourcing its Open-Xchange e-mail server. "Frank Hoberg, the chief executive officer of Netline, said this release shows the open-source business model works. He said the company had been able to significantly speed up development by collaborating with the open-source community. "If we had done everything for this release ourselves--the development and testing--it would have taken 10 times longer," Hoberg said."

Comments (8 posted)

Patents - An Alternative View (Groklaw)

Groklaw presents an alternate view on software patents. "I received an email from Craig A. James, a software architect, who wishes to express an alternative view on patents. Because he believes it is unrealistic to ask that there be no software patents, he suggests alternatives. His reform proposals make so much sense I am happy to publish his article. Craig specializes in software design and architecture for scientific systems. His best-known project was a special-purpose database specific to chemistry that revolutionized the cheminformatics industry."

Comments (37 posted)

Q&A: Linus Torvalds, inventor of Linux (Seattle Times)

The Seattle Times interviews Linus Torvalds about his move to Portland. "Q. Do you see Portland emerging as a hub for Linux development? A. I personally think of Linux development as being pretty non-localized, and I work with all the people entirely over e-mail -- even if they happen to be working in the Portland area. So I really don't think of it that way. That said, there is clearly a fairly lively Linux community in Portland, and I'm not contesting that, either."

Comments (none posted)

Trade Shows and Conferences

Web 2.0: Possibly the best IT business conference of 2004 (NewsForge)

NewsForge attends Web 2.0. "Google offered rare insight into its closely guarded Linux server farm by previewing its next steps to improve Web search -- all built around clustering technology. Peter Norvig, Google's director of search quality, said the company is "trying to go just beyond keywords and the linking structure of the Web and get behind the deeper meaning.""

Comments (none posted)

The SCO Problem

SCO's McBride warns of open source 'wild west' (NW Fusion)

Darl McBride rides again: Network World Fusion reports from a talk he gave in Cannes. "As he fights a prolonged legal battle on several fronts, McBride has positioned himself as a de facto champion of IP protection amid growing threats from free, open source development. 'SCO's market share has dropped from 40% to 10%. ... We are under attack from what I call 'hurricane Linux,'' McBride said. However, he praised companies that have commercialized Linux, such as Red Hat."

Comments (17 posted)

Declarations of Vuksanovich, McDonough, Nelson, Swanson, Kistenberg, Frasure and Green (Groklaw)

Groklaw reviews the declarations of seven people, submitted by IBM in the SCO case. "Significantly, four of them are (or were at relevant time periods) AT&T employees. The unanimity with which they speak seems to pull the rug out from under SCO. How can they ask for intermediate AIX versions and comments to try to trace code from UNIX System V to AIX to Linux, if the end result has no original System V code in it, when everyone who was there negotiating and signing the licensing agreements testifies that IBM and Sequent were free to do as they pleased with their own code, including modifications and derivative code, as long as no System V code remained?"

Comments (none posted)

Companies

Polese steps into open-source fray (News.com)

News.com covers a new company called SpikeSource. "SpikeSource plans to offer a range of services to corporations looking to use open-source software. Services will include support and product certification as well as consulting for corporate IT staff during the application development and installation process, according to the company."

Comments (none posted)

Netscape's DevEdge Offline (MozillaZine)

MozillaZine covers the recent shutdown of the Netscape web developer resource site. "Netscape yesterday seemingly shut down their web developer resource, devedge.netscape.com, without warning. There was a great deal of content available on the site, and Mitchell Baker today posted that mozilla.org is going to try and recover the lost content. For those who are looking for some specific content on the site, much of it has been archived on Google."

Comments (1 posted)

McNealy: Microsoft needs Sun to beat IBM and Red Hat (Register)

The Register covers comments by Sun's CEO Scott McNealy on the recent cooperation between Microsoft and Sun. ""Who else are they going to choose as their second source? You know, Sun and Microsoft aren't that competitive. We don't do MSN, we don't do Xbox, we don't do applications. They don't do computers, storage or infrastructure." "They weren't going to do it with Larry (Oracle). They weren't going to do it with IBM. They can't stand IBM. They at least respect us. They really don't like IBM. And they hate the GPL.""

Comments (22 posted)

Evil of September 2004 (O'ReillyNet)

Danny O'Brien's To Evil! column for October looks at last month's bad guys. "Those with long memories will recall how a few years ago Sun released their own version of Linux - which turned out to be mostly a global-search-and-replaced version of Redhat's CD. So is Sun copying everything from Redhat, including their advertising strategy? Or is it just that Sun themselves confused Linux with Redhat so much, that it's all gone a little fuzzy over there?"

Comments (4 posted)

Linux Adoption

cat/dev/DiBona/brain: LAMP to WAMP to XAMP to SOFT (Linux Journal)

Chris DiBona writes about open source adoption on Linux Journal. "Many have credited Firefox with re-igniting the browser wars and giving Microsoft Internet Explorer a run for its money. Along the same lines as LAMP, these applications and others--such as GAIM, the terrific multi-protocol instant messaging program, and the GNU Image Manipulation Program (The GIMP)--all run pretty happily on Windows. And although OpenOffice.org could be a bit smoother on OS X, progress there too is coming along. It is my hope that as more users try and settle on these fine applications, they'll be driven to try Linux out for size as well."

Comments (2 posted)

Will Linux finish off the Mac? (ZDNet)

ZDNet looks forward to when Linux will surpass OS X. "The premium cost of Apple hardware hurts and OS X only runs on Apple hardware. Let me remind you that none of this is really about whether you should switch to OS X or not. It’s about what happens when desktop Linux reaches that point where it provides an experience that meets or beats the one that that sets the standard for *ix-based desktop operating systems: OS X. When it does--and I don’t doubt that it will--Apple will be in a real pickle because of the hardware 'problem.' Users will have significantly more hardware options for running desktop Linux and the likelihood that they’ll find something to meet their needs in terms of cost and form factor will be excellent."

Comments (15 posted)

Legal

U.S. House Passed Anti-Spyware Bill (eWeek)

eWeek reports that the U.S. House of Representatives has passed a bill that targets spyware and phishing schemes. "The bipartisan Internet Spyware (I-SPY) Prevention Act of 2004, passed by a vote of 415-0, is intended to punish spyware without placing undue burdens on legitimate uses of the same or similar technology. The bill, H.R. 4661, was sponsored by Reps. Bob Goodlatte (R-Va.), Zoe Lofgren (D-Calif.) and Lamar Smith (R-Texas)."

Comments (5 posted)

Senate Talks Fail on File-Sharing Software (Newsday)

Newsday reports that the INDUCE act is dead - for now. "The chief executive for the Recording Industry Association of America, Mitch Bainwol, acknowledged Thursday that negotiations need more time. 'So long as illegitimate peer-to-peer services hijack a positive technology and intentionally offload their legal liability to America's kids, legislation will be a priority for the creative community,' Bainwol said."

Comments (11 posted)

Sun and Kodak Settle for $92 Million (Groklaw)

Groklaw reports that Sun has settled the patent suit with Kodak, agreeing to pay $92 million. "It's a good thing I don't work for Sun. I'd be threatening to quit half the time. I was hoping they would appeal, but no doubt they are thinking of the bottom line, not the big picture, and that is exactly the problem with patents on software. No one can afford to lose a patent lawsuit, so everything is slowly shutting down."

Comments (none posted)

Interviews

Staying on the cutting edge (The Age)

The Age has a long talk with Theo de Raadt. "OpenBSD was about to be born. "And so on a certain day, having exhausted all of my options, and exhausted the community, and having found other people who, like me, had struggled with the NetBSD people, to get me back in, I create a repository, and we start committing like a storm. And all these other people who had been disenfranchised by these NetBSD developers while I was there, join up immediately.""

Comments (15 posted)

Network Tool Development with hping3 (O'Reilly)

O'Reilly interviews Salvatore Sanfilippo, author of the hping security tool. "From the user point of view, hping3 should be both simpler and more powerful, assuming that there will be two different classes of users. Programmers will be able to exploit the full power of a real programming language and a flexible packet construction/analysis system. On the other hand, it should be much easier for nondevelopers [to] run hping3 scripts developed by others than to use hping2. For example, one could develop a hping3 script to audit a firewall without doing all the common stuff by hand."

Comments (none posted)

Resources

Open Source and Free Documentation Licenses, Part 2: The Open Publication License (O'ReillyNet)

O'ReillyNet looks at the Open Publication License. "The Open Publication license in its "standard" form (that is to say, without any of the additional restrictions that may be added, as described in more detail below), operates much like the aforementioned "academic" software licenses such as the BSD or the MIT licenses. The copyright for the licensed work, as with these academic licenses, remains with the original author and publisher, although virtually every exercise of rights under copyright law is freely permitted to licensees and there is no requirement that derivative works be licensed under the Open Publication license."

Comments (none posted)

Reviews

Benchmarks for Native IPsec in the 2.6 Kernel (Linux Journal)

Linux Journal explores the IPsec implementation for the 2.6.x kernels. "FreeS/WAN has been the main IPsec implementation for Linux for a long time. Unfortunately, FreeS/WAN has never been integrated into the Linux kernel itself. Instead, the new native kernel IPsec implementation is based on the KAME project, a part of the UNIX/BSD family. The USAGI project used the BSD code from the KAME project as a base for integrating IPsec into the Linux kernel. KAME's user-space tools, specifically setkey and Racoon, have been ported to Linux by the IPsec-tools Project."

Comments (none posted)

MontaVista unveils "open" hard-real-time Linux project (LinuxDevices)

LinuxDevices covers a MontaVista project aimed at bringing hard real-time to Linux. "The latest real-time enhancements, which currently comprise the core of the newly launched Open Source Real-Time Linux Project, are said to revolve around two key technologies -- kernel mutexes, which support priority inheritance; and thread-based interrupt management, which enables system-wide prioritization -- [MontaVista product marketing manager Jacob] Lehrbaum explains."

Comments (15 posted)

Filesystem Labeling in SELinux (Linux Journal)

Here's a Linux Journal article on how SELinux uses filesystem labels. "SELinux has hooks located at strategic points within the core kernel code, such as the point where a file is about to be read by a user. These hooks allow SELinux to break out of the normal flow of the kernel to request extended access control decisions. Access control decisions usually are made between a process (for example, cat) and an object (for example, /etc/shadow) for a specific permission (read)."
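To make the decision described in that quote concrete, here is an added illustration; it is not code from the article or from SELinux itself. It models the check a hook asks for: look up the label on the object (here, file labels in the shape of `ls -Z` output, constructed as sample data), take the label of the requesting process, and decide whether a given permission on a given object class is allowed by a set of type-enforcement rules. The rule table, the type names, and the denial-message format are simplified assumptions made for the example; real SELinux policy also evaluates roles, users and MLS ranges and is compiled, not a Python dictionary.

```python
from typing import Dict, FrozenSet, Optional, Tuple


class Context:
    """A security context in SELinux's user:role:type form (MLS range omitted).

    Assumption: only the type field matters for the toy rules below, which
    mirrors type enforcement; real SELinux also evaluates role and user
    constraints and an MLS/MCS range.
    """

    def __init__(self, label: str) -> None:
        parts = label.split(":")
        if len(parts) < 3:
            raise ValueError(f"malformed label: {label!r}")
        self.user, self.role, self.type = parts[0], parts[1], parts[2]


# Constructed allow rules, keyed by (source type, target type, object class).
# Hypothetical names for illustration, not taken from any real policy.
ALLOW: Dict[Tuple[str, str, str], FrozenSet[str]] = {
    ("user_t", "etc_t", "file"): frozenset({"read", "getattr"}),
    ("passwd_t", "etc_t", "file"): frozenset({"read", "write", "getattr"}),
    ("passwd_t", "shadow_t", "file"): frozenset({"read", "write", "getattr"}),
}


def access_allowed(proc_label: str, obj_label: str, obj_class: str, perm: str) -> bool:
    """The decision a hook asks for: may this process do perm on this object?"""
    src = Context(proc_label)
    tgt = Context(obj_label)
    return perm in ALLOW.get((src.type, tgt.type, obj_class), frozenset())


# Constructed sample in the "label path" shape of `ls -Z` output.
SAMPLE_LS_Z = """\
system_u:object_r:etc_t /etc/passwd
system_u:object_r:shadow_t /etc/shadow
system_u:object_r:etc_t /etc/hosts
"""


def parse_ls_z(text: str) -> Dict[str, str]:
    """Map each path to its label; one 'label path' pair per non-empty line."""
    labels: Dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        label, path = line.split(None, 1)
        labels[path.strip()] = label
    return labels


def check(proc_label: str, path: str, perm: str, labels: Dict[str, str]) -> bool:
    """Look up the file's label and ask for a decision; unknown files are denied."""
    obj_label = labels.get(path)
    if obj_label is None:
        return False
    return access_allowed(proc_label, obj_label, "file", perm)


def denial_message(proc_label: str, path: str, perm: str, labels: Dict[str, str]) -> Optional[str]:
    """Return a denial line in a simplified, assumed AVC-like shape, or None if allowed."""
    if check(proc_label, path, perm, labels):
        return None
    tgt = labels.get(path, "<unlabeled>")
    return f"avc: denied {{ {perm} }} path={path} scontext={proc_label} tcontext={tgt} tclass=file"


if __name__ == "__main__":
    labels = parse_ls_z(SAMPLE_LS_Z)
    for proc, path, perm in [
        ("user_u:user_r:user_t", "/etc/passwd", "read"),
        ("user_u:user_r:user_t", "/etc/shadow", "read"),
        ("system_u:system_r:passwd_t", "/etc/shadow", "write"),
    ]:
        msg = denial_message(proc, path, perm, labels)
        print("allowed" if msg is None else msg, "|", proc, path, perm)
```

The point the example makes is the one the article's quote makes: the decision is a function of (process label, object label, class, permission), so the correctness of filesystem labels is load-bearing. A file that carries the wrong label (or none, which this toy denies outright) changes the answer without any change to the policy rules.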

Comments (2 posted)

Miscellaneous

The 2004 OfB Choice Awards (OfB.biz)

Open for Business presents the OfB Choice awards for 2004. "Best E-mail Client: Thunderbird 0.8 The Mozilla project's returns for spending time breaking apart the Mozilla suite are finally paying off. Thunderbird offers a much better, lighter weight and more robust option for e-mail than the previous Mozilla Mail and is quickly surpassing other e-mail clients as well. Furthermore, it provides the only available option for a modern GUI e-mail client that spans all the major operating systems, a major plus for heterogeneous computing environments."

Comments (none posted)

Page editor: Forrest Cook

Announcements

Non-Commercial announcements

Eclipse Foundation and Actuate Announce Approval of Business Intelligence and Reporting Tools Project

The Eclipse foundation and Actuate have announced the approval of the Business Intelligence and Reporting Tools Project. "Now that the BIRT project has been officially approved by Eclipse, Actuate will begin the task of stewarding development of BIRT, which is expected to culminate in the industry's first open Business Intelligence and Reporting platform by early 2005. Industry analysts agree that BIRT will benefit developers and Actuate by expanding the visibility of business intelligence and reporting to a wide audience of developers."

Comments (none posted)

.LRN ('Dot-Learn') consortium formed

Several universities (including MIT, Heidelberg University, and the University of Sydney) have gotten together and announced the formation of the .LRN Consortium, which is dedicated to the development of open source educational software. More information is available at dotlrn.org.

Comments (4 posted)

Commercial announcements

French Ministry of Foreign Affairs and Mandrakesoft launch "Open Source" solution for Internet in Africa

The French Ministry of Foreign Affairs, through the ADEN cooperation program, and Mandrakesoft are cooperating to put Internet access points in Africa. "ADEN's aim is to foster the development and use of Information and Communication Technologies in Africa through the creation of a network of public Internet access points. ADEN will set up sixty public Internet access points, train instructors, provide a suitable environment for local content and software production. The general aim is to create favorable conditions for the exchange of ideas and skills and encourage inter-cultural dialogue." The ADEN-Mandrakelinux pack is built around a version of Mandrakelinux customized for use in an access point environment.

Full Story (comments: none)

Linux Training Attains A New Standard

The Linux Professional Institute announced its new LPI Approved Training Partner (LATP) program. "This will be the only training program covering all versions of Linux, and complementing the LPI's existing internationally accepted certification standard. The program will be run in the UK by LPI affiliates Open Forum Europe."

Full Story (comments: none)

MontaVista's realtime press release

MontaVista Software has sent out a press release hyping its "realtime kernel" patch set. The company has also set up a realtime Linux project to host development of that code, even though (as described in this subscriber-only LWN article) the further development of this code appears to be happening elsewhere.

Comments (none posted)

PMC-Sierra Announces Open Source Thin Client Networked Computing Initiative

PMC-Sierra has announced a new open-source Network Computing initiative. "PMC-Sierra's open source NC solution, the PMC Xiao Hu(TM) (pronounced 'Sha hu', meaning "Little Tiger"), is a commercially available single board thin client solution co-developed with China's Tsinghua University, MIPS Technologies, Inc., and ATI Technologies, Inc. The combination of the PMC Xiao Hu board with Linux software and MIPS-Powered(TM) processor achieves significant reduction in power and costs compared to the traditional desktop PC approach".

Comments (1 posted)

SGI Introduces first Linux-based high-performance visual computing system

SGI has announced its new Silicon Graphics Prism system. "By combining standards-based Intel® Itanium® 2 processors, the Linux operating environment, and its world renowned advanced graphics technology, SGI has created a system that is uniquely suited to addressing the world's most demanding visual computing problems - all at price points that make it accessible to a wider group of users."

Full Story (comments: none)

Yoxos Releases Versions 1.1 and 1.1 M2 of its Eclipse Distribution

Innoopract announced two new versions of its Yoxos Eclipse Distribution. "Version 1.1 includes Eclipse Release 3.0.1 and version 1.1 M2 includes Eclipse Stable Milestone Build 3.1 M2. Both include over 75 new or updated open-source plugins."

Full Story (comments: none)

New Books

O'Reilly Releases "Exploring the JDS Linux Desktop"

O'Reilly has published the book Exploring the JDS Linux Desktop by Tom Adelstein and Sam Hiser.

Full Story (comments: none)

"Nessus Network Auditing" Released by Syngress Publishing

Syngress Publishing has published the book Nessus Network Auditing by Jay Beale, HD Moore, Noam Rathaus, Renaud Deraison, Raven Alder, and George A. Theall.

Full Story (comments: none)

"Programming Ruby, Second Edition" Released by Pragmatic Bookshelf

Pragmatic Bookshelf has published the book Programming Ruby, Second Edition by Dave Thomas.

Full Story (comments: none)

"SQL in a Nutshell, Second Edition" Released by O'Reilly

O'Reilly has published the book SQL in a Nutshell, Second Edition by Kevin E. Kline.

Full Story (comments: none)

"XML in a Nutshell, Third Edition" Released by O'Reilly

O'Reilly has published the book XML in a Nutshell, Third Edition by Elliotte Rusty Harold and W. Scott Means.

Full Story (comments: none)

Resources

Linux Gazette #107

The October issue of Linux Gazette is out. This edition has articles about Knoppix, closedShop, Secure Communication with Stunnel, Understanding Threading in Python, AMD64 Linux kernel and the NX bit, and more.

Comments (none posted)

Linux RealPlayer 10 gold in Europe and Asia

Real will be releasing new versions of RealPlayer 10 for Linux and Mac OS X. "Specifically, the nine new versions for RealPlayer 10 for Linux are: Brazilian Portuguese, French, German, Italian, Spanish, Japanese, Korean, Chinese (Simplified and Traditional). The four new versions of RealPlayer 10 for Mac OS X are: French, German, Spanish and Japanese."

Full Story (comments: 1)

The LDP Weekly News

The October 13, 2004 edition of the Linux Documentation Project Weekly News is out with the week's new documentation releases.

Full Story (comments: none)

Contests and Awards

Interview KPDF Icon Contest (KDE.News)

KDE.News talks with the judges for the KPDF icon contest. "Some time ago KDE-Look.org launched an icon contest where artists could submit an icon to be used for KPDF in the next KDE version. It seems the contest has now been prolonged. Curious about this icon contest I contacted the initiator Albert Astals Cid and some jury members to ask them some questions."

Comments (none posted)

Upcoming Events

Australian Open Source Developers' Conference

Australia's first Open Source Developers' Conference (OSDC) will be held at Monash University in Melbourne on December 1-3, 2004.

Full Story (comments: none)

CodeCon 2005 Call for Papers

A call for papers has gone out for CodeCon 2005. The event will take place in San Francisco, CA on February 11 - 13, 2005; papers and proposals are due on December 15, 2004.

Full Story (comments: none)

KDE Presence at Berlinux 2004 (KDE.News)

KDE.News announces the KDE presence at Berlinux 2004. "KDE will be present at Berlinux 2004 which takes place on 22nd and 23rd October in Berlin's technical university. Among the talks will also be one about KDE as enterprise desktop (in German). At the booth we will demonstrate KDE 3.3.1 and thanks to SUSE the upcoming SUSE 9.2 KDE desktop which includes among other things OpenOffice.org 1.1.3 with KDE file dialog integration."

Comments (none posted)

International Linux Audio Conference 2005 (LAC05): Call for Papers and more

The 3rd International Linux Audio Conference will take place in Karlsruhe, Germany on April 21-24, 2005.

Full Story (comments: none)

Pike Users Worldwide Converge on Essen This Week

The Pike Conference 2004 will be held in Essen, Germany on October 13-19, 2004. "Pike is a dynamic programming language with a syntax similar to Java and C. It is simple to learn, does not require long compilation passes and has powerful built-in data types allowing simple and really fast data manipulation."

Full Story (comments: none)

YAPC::AU / OSDC Registrations Open (use Perl)

Registration for YAPC::AU::2004 has been announced. The event will take place at Monash Caulfield in Melbourne from December 1-3, 2004.

Comments (none posted)

Nottingham LUG Linux Awareness Day

The Nottingham Linux Users Group will be holding a public demonstration of Linux at Green's Mill in Sneinton, UK on November 5, 2004.

Full Story (comments: 2)

Events: October 14 - December 9, 2004

Date | Event | Location
October 14 - 17, 2004 | MySQL Swell | Across the Mediterranean
October 14 - 15, 2004 | 11th Annual Tcl/Tk Conference (Bourbon Orleans Hotel) | New Orleans, LA
October 14 - 19, 2004 | Pike Conference 2004 | Essen, Germany
October 21 - 22, 2004 | Web.It 2004 | Bari, Italy
October 21 - 22, 2004 | 5. Encuentro Linux | Valparaiso, Chile
October 22 - 23, 2004 | Berlinux 2004 (Berlin's technical university) | Berlin, Germany
October 23 - 24, 2004 | OpenFest 2004 (Inter Expo Center) | Sofia, Bulgaria
October 26 - 28, 2004 | LinuxWorld Conference and Expo | Frankfurt, Germany
October 26 - 29, 2004 | IBM eServer, pSeries, AIX and Linux Technical Conference | Munich, Germany
October 27 - 29, 2004 | Sixth International Conference on Information and Communications Security (ICICS'04) | Malaga, Spain
October 27, 2004 | Open Source Enterprise Solutions Conference | University of Maryland Shady Grove Campus
October 27, 2004 | Open Source Enterprise Solutions Conference (University of Maryland Shady Grove) | Rockville, MD
November 1 - 6, 2004 | International Computer Music Conference (ICMC) | Miami, FL
November 4 - 5, 2004 | HiverCon 2004 (The Davenport Hotel) | Dublin, Ireland
November 5 - 6, 2004 | Nottingham LUG - Linux at Green's Mill Science Centre | Nottingham, UK
November 6 - 12, 2004 | High Performance Computing, Networking, and Storage Conf (SCnn) | Pittsburgh, PA
November 7 - 10, 2004 | International PHP Conference 2004 | Frankfurt, Germany
November 8 - 10, 2004 | MySQL ComCon Europe (NH Hotel Frankfurt-Mörfelden) | Frankfurt, Germany
November 13 - 17, 2004 | ApacheCon US 2004 (Alexis Park Resort) | Las Vegas, NV
November 14 - 18, 2004 | COMDEX Conference and Exposition (Las Vegas Convention Center) | Las Vegas, Nevada
November 14 - 19, 2004 | Large Installation System Administration Conference (LISA '04) (Atlanta Marriott Marquis) | Atlanta, GA
November 25 - 26, 2004 | Le forum PHP 2004 (FIAP Jean Monnet) | Paris, France
November 29 - 30, 2004 | LinuxPro 2004 (Hotel Gromada Airport Conference Center) | Warsaw, Poland
December 1 - 3, 2004 | Australian Open Source Developers' Conference (Monash University) | Melbourne, Australia

Comments (none posted)

Web sites

New Linux Community Site

Tuxme.com is a newly announced Linux community site. "If you have ever been a windows user, there are a lot of windows sites that post daily news and provide forums for "power users". I envision Tuxme to become something similar but for Linux users. The site will focus not on the underlying technologies (compiling kernels, etc) but rather on the operation of the GUI, productivity software, and being able to use Linux as a full-time OS without any need for windows."

Full Story (comments: 1)

Software announcements

This week's software announcements

Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:

Comments (none posted)

Miscellaneous

Linux Kernel 2.6: It's Worth More!

David A. Wheeler computes an estimate of what it would cost to develop the Linux kernel from scratch, and comes up with a figure of $612 million. "It's worth noting that these approaches only estimate development cost, not value. All proprietary developers invest in development with the presumption that the value of the resulting product (as captured from license fees, support fees, etc.) will exceed the development cost -- if not, they're out of business. Thus, since the Linux kernel is being actively sustained, it's only reasonable to presume that its value far exceeds this development estimate. In fact, the kernel's value probably well exceeds this estimate of simply redevelopment cost."

Comments (24 posted)

Page editor: Forrest Cook

Letters to the editor

Relatively insecure, or absolutely insecure?

From:  Leon Brooks <leon-AT-cyberknights.com.au>
To:  Michael Dickman <michaeldickman-AT-att.com>
Subject:  Relatively insecure, or absolutely insecure?
Date:  Sun, 10 Oct 2004 11:07:16 +0800
Cc:  LWN Letters <letters-AT-lwn.net>

Hi Michael, I'm quoting you from:
http://www.eweek.com/article2/0,1759,1669908,00.asp?kc=EW...
 
> Yes, today, Windows has security problems, but Eslambolchi is looking for
> desktops two to three years down the road, and if Linux becomes popular
> and hackers pay attention to it, who's to say the Linux desktop won't have
> its own security problems?
 
Roughly 2/3 of all webservers are Apache, and the vast majority of those are
running Linux. This has been so for many years. If popularity were a
statistical indicator of security risk, server-based disasters like CodeRed
wouldn't have happened on MS-Windows, they'd have happened on Linux.
 
The overwhelming majority of email servers (MTAs) are Open Source and have
been for a very long time, likewise for FTP servers, name servers (DNS) and
so on. If they were going to be attacked, they would already have been.
 
So in answer to your question, history's to say that Linux is already popular,
and doesn't have the feared security problems.
 
I can think of many reasons for that, including that it's simpler, safer and
more granular to update than anything Microsoft offers, but it seems fairly
obvious that the most fundamental one has always been and will continue to be
design decisions. This is not a transient problem, nor has it ever been.
 
Over time, design decisions become very difficult to reverse. The annoyances
faced by MS-Windows users over new restrictions introduced as part of XP SP2
show just the tip of that iceberg of pain - which will only get worse with
ShortHorn. For many people, it will be ever simpler as their current systems
drift out of support range to simply switch to something else.
 
The design philosophy which causes this pain is that security has always been
a slap-on applied late in the process for Microsoft, but it is built right in
to practically everything else. The WinFS recently dropped from LongHorn (to
make it ShortHorn) has been in the offing under various names since before
MS-Windows-95, and it's been so hard for MS to bring to market precisely
because of the same kind of poor design decisions.
 
The MICA derivative of VMS, from which MS-Windows-NT was copied, was able to
be raised to high military security levels through the application of *one*
configuration change but consistently poor design decisions applied by MS to
that code-base have thoroughly trashed that inherent toughness. If that's
Microsoft *starting* from a secure position, how will they do with no run-up?
 
Desktop software is becoming far more complex than server software, and I
expect that increase in complication to translate to a decrease in security.
However, the same decrease will apply across both MS-Windows and Linux, and
Linux's current collection of viruses is laughably small, something like
seven families, all obsolete, versus a highly disproportionate tens of
thousands of virus families living in Microsoft Land. Linux can be safely
expected to remain far more secure by default.
 
Hossein Eslambolchi is doing well to scan ahead along AT&T's track, but your
own raising of this popular straw-man right at the start of the process is
not a good indicator for AT&T's impartiality. Partiality is poison to
effective analysis. Have you also read and considered any of the many
well-researched white papers which lay this and other straw men to rest?
 
Cheers; Leon

Comments (4 posted)

Page editor: Jonathan Corbet


Copyright © 2004, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds